Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthenticated attacker to send a crafted RTSP request, with a long digest authentication header, to execute arbitrary code in parse_authentication_header() in libamprotocol-rtsp.so.1 in rtsp_svc (or cause a crash). This allows remote takeover of a Furbo Dog Camera, for example.
CVSS Score: 10. Source & Patch Info: CVE-2020-24918 (MISC, MISC, MISC).

ampache -- ampache
Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and the development branch.
Published: 2021-04-30. CVSS Score: 7.5. Source & Patch Info: CVE-2020-15153 (MISC, MISC, CONFIRM).

cisco -- anyconnect_secure_mobility
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory.
Published: 2021-05-06. CVSS Score: 7.2. Source & Patch Info: CVE-2021-1496 (CISCO).

cisco -- anyconnect_secure_mobility
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory.
Published: 2021-05-06. CVSS Score: 7.2. Source & Patch Info: CVE-2021-1430, CVE-2021-1429, CVE-2021-1428, CVE-2021-1427 (CISCO).

dell -- hybrid_client
Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system.
Published: 2021-04-30. Source & Patch Info: CVE-2021-215935 (MISC).

ibm -- qradar_security_information
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to insecure inter-deployment communication. An attacker that is able to compromise or spoof traffic between hosts may be able to execute arbitrary commands. IBM X-Force ID: 192538.
Published: 2021-05-05. Source & Patch Info: CVE-2020-4979 (XF, CONFIRM).

klibc_project -- klibc
An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact.
Published: 2021-04-30. Source & Patch Info: CVE-2021-31872 (MISC, MISC, MISC, MLIST).

klibc_project -- klibc
An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow.
Published: 2021-04-30. Source & Patch Info: CVE-2021-31870 (MISC, MISC, MISC, MLIST).

projectworlds -- online_book_store_project_
SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.
Published: 2021-05-06. Source & Patch Info: CVE-2020-49114 (MISC).

projectworlds -- online_book_store_project_
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code.
Published: 2021-05-06. Source & Patch Info: CVE-2020-19112 (MISC).

projectworlds -- online_book_store_project_
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code.
Published: 2021-05-06. Source & Patch Info: CVE-2020-49110 (MISC).

projectworlds -- online_book_store_project_
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code.
Published: 2021-05-06. Source & Patch Info: CVE-2020-49109 (MISC).

projectworlds -- online_book_store_project_
SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute
Published: 2021-05-06. Source & Patch Info: CVE-2020-19108 (MISC).

SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.
Published: 2021-05-06. Source & Patch Info: CVE-2020-19107 (MISC).

Medium Vulnerabilities

chamilo -- chamilo_lms
Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user.
Published: 2021-05-06. Source & Patch Info: [...]-23127 (MISC, CONFIRM).

codesys -- development_system
CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.
Published: 2021-05-03. CVSS Score: 4.6. Source & Patch Info: [...]-29239 (MISC, MISC, MISC).

dell -- dbutil_2_3.sys
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
Published: 2021-05-04. CVSS Score: 4.6. Source & Patch Info: CVE-2021-21551 (MISC).

drupal -- drupal
Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
Published: 2021-05-05. CVSS Score: 4.3. Source & Patch Info: CVE-2020-13666 (CONFIRM).

google -- chrome
Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2021-04-30. Source & Patch Info: CVE-2021-[...].

google -- chrome
Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2021-04-30.

google -- chrome
Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Published: 2021-04-30. CVSS Score: 4.3.

google -- chrome
Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
Published: 2021-04-30. CVSS Score: 4.3. Source & Patch Info: CVE-2021-21228 (MISC, MISC, DEBIAN).

google -- chrome
Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2021-04-30. Source & Patch Info: CVE-2021-21232 (MISC, MISC, GENTOO, DEBIAN).

google -- chrome
Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2021-04-30. CVSS Score: 6.8. Source & Patch Info: CVE-2021-21230 (MISC, MISC, GENTOO, DEBIAN).

google -- chrome
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2021-04-30. CVSS Score: 6.8. Source & Patch Info: CVE-2021-212353 (MISC, MISC, GENTOO, DEBIAN).

google -- cloud_iot_device_sdk_for_
In IoT Devices SDK, there is an implementation of calloc() that doesn't have a length check. An attacker could pass in memory objects larger than the buffer and wrap around to have a smaller buffer than required, allowing the attacker access to the other parts of the heap. We recommend upgrading the Google Cloud IoT Device SDK for Embedded C used to 1.0.3 or greater.
Published: 2021-05-04. CVSS Score: 4.6. Source & Patch Info: CVE-2021-22547 (CONFIRM, CONFIRM).

gosaml2_project -- gosaml2
This affects all versions of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.
Published: 2021-04-30. CVSS Score: 5. Source & Patch Info: CVE-2020-[...] (CONFIRM, CONFIRM).

ibm -- qradar_security_information
IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature of zip files processes data in a way that may be vulnerable to path traversal attacks. IBM X-Force ID: 192905.
Published: 2021-05-05. CVSS Score: 4. Source & Patch Info: CVE-2020-4993 (CONFIRM, XF).

ibm -- qradar_security_information
IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 191748.
Published: 2021-05-05. CVSS Score: 4.6. Source & Patch Info: CVE-2020-4932 (XF, CONFIRM).

ibm -- qradar_security_information
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196017.
Published: 2021-05-05. CVSS Score: 4.3. Source & Patch Info: CVE-2021-20397.

ibm -- qradar_security_information
IBM QRadar SIEM 7.3 and 7.4 may be vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 193245.
Published: 2021-05-05. CVSS Score: 5.5. Source & Patch Info: CVE-2020-5013 (CONFIRM, XF).

ibm -- qradar_security_information
IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196075.
Published: 2021-05-05. CVSS Score: 4.6. Source & Patch Info: CVE-2021-20401 (XF, CONFIRM).

ibm -- qradar_security_information
IBM QRadar SIEM 7.3 and 7.4 could disclose sensitive information about other domains which could be used in further attacks against the system. IBM X-Force ID: 190907.
Published: 2021-05-05. CVSS Score: 4. Source & Patch Info: CVE-2020-4883 (XF, CONFIRM).

idreamsoft -- icms
Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php".
Published: 2021-04-30. CVSS Score: 6.4. Source & Patch Info: CVE-2020-18070 (MISC).

klibc_project -- klibc
An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems.
Published: 2021-04-30. Source & Patch Info: CVE-2021-31871 (MISC, MISC, MISC, MLIST).

mongodb -- mongodb
A user authorized to perform a specific type of find query may trigger a denial of service. This issue affects: MongoDB Inc. MongoDB Server V4.4 versions prior to 4.4.4.
Published: 2021-04-30. Source & Patch Info: CVE-2021-20326 (CONFIRM).

open-xchange -- open-xchange_appsuite
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.
Published: 2021-04-30. Source & Patch Info: CVE-2021-31934 (MISC).

open-xchange -- open-xchange_appsuite
OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.
Published: 2021-04-30. CVSS Score: 4.3. Source & Patch Info: [...]-31935 (MISC).

open-xchange -- open-xchange_appsuite
OX App Suite 7.10.4 and earlier allows SSRF via a snippet.
Published: 2021-04-30. Source & Patch Info: CVE-2020-28943 (MISC, MISC).

open-xchange -- open-xchange_appsuite
OX App Suite 7.10.4 and earlier allows XSS via [...] an undocumented [...] (http://onerror=Function.constructor, in a Notes item.
Published: 2021-05-[...]. Source & Patch Info: CVE-2020-28945.

open-xchange -- ox_guard
OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data.
Published: 2021-04-30. Source & Patch Info: MISC, MISC.

An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct.
Published: 2021-04-30. Source & Patch Info: CVE-2021-31919 (MISC).

yzmcms -- yzmcms
Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html" when logging in.
Published: 2021-04-30. CVSS Score: 4.3. Source & Patch Info: CVE-2020-18084 (MISC).

cisco -- anyconnect_secure_mobility
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to modify VPN profile files. To exploit this vulnerability, the attacker must have valid credentials on the affected system.
Published: 2021-05-06. Source & Patch Info: CVE-2021-1519 (CISCO).

crocoblock -- jetwidgets_for_elementor
The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
Published: 2021-05-05. CVSS Score: 3.5. Source & Patch Info: CVE-2021-24268 (CONFIRM, MISC).

dell -- hybrid_client
Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain access to sensitive information via the local API.
Published: 2021-04-30. CVSS Score: 2.1. Source & Patch Info: CVE-2021-21534 (MISC).

dell -- hybrid_client
Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to register the client to a server in order to view sensitive information.
Published: 2021-04-30. CVSS Score: 2.1. Source & Patch Info: CVE-2021-21536 (MISC).

dell -- hybrid_client
Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to view and exfiltrate sensitive information on the system.
Published: 2021-04-30. CVSS Score: 2.1. Source & Patch Info: CVE-2021-21537 (MISC).

ibm -- [...]
IBM FlashSystem 900 1.5.2.9 and 1.6.1.3 user management GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192702.
Published: 2021-05-[...]. CVSS Score: 3.5. Source & Patch Info: CVE-2020-4987 (CONFIRM).

ibm -- qradar_security_information
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191706.
Published: 2021-05-05. CVSS Score: 3.5. Source & Patch Info: CVE-2020-4929 (CONFIRM, XF).

salesagility -- suitecrm
XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field.
Published: 2021-04-30. CVSS Score: 3.5. Source & Patch Info: CVE-2021-31792 (MISC, MISC, MISC).

Severity Not Yet Assigned

amazon -- freertos
The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during management of heap memory.
Published: 2021-05-03. CVSS Score: not yet calculated. Source & Patch Info: CVE-2021-[...] (MISC).

apache -- airflow
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336).
Published: 2021-05-02.

apache -- unomi
Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements.
Published: 2021-05-04. CVSS Score: not yet calculated. Source & Patch Info: CVE-2021-1164 (MISC).

artica -- pandora_fms_742
A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest privileged user.
Published: 2021-05-07.

artica -- pandora_fms_742
Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.
Published: 2021-05-07.

artica -- pandora_fms_742
A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass.
Published: 2021-05-07.

https://content.govdelivery.com/accounts/USDHSCISA/bulletins/2d87c65

asus -- gt-ac2900_devices
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_request in router/httpd/httpd.c and auth_check in web_hook.o. An attacker-supplied value of '' matches the device's default value of '' in some situations.
Published: 2021-05-06.

avahi -- avahi
A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.
Published: 2021-05-07.

btcpay_server -- btcpay_server
BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special characters to upload the file outside of the restricted directory.
Published: 2021-05-05. CVSS Score: not yet calculated.

btcpay_server -- btcpay_server
BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key.
Published: 2021-05-05.

btcpay_server -- btcpay_server
BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. This enables cookie stealing.
Published: 2021-05-05.

btcpay_server -- btcpay_server
BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the Secure flag for a cookie.
Published: 2021-05-05.

btcpay_server -- btcpay_server
BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie.
Published: 2021-05-05.

centreon_web -- centreon_web
Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application.
Published: 2021-05-04. CVSS Score: not yet calculated. Source & Patch Info: CVE-2021-6804 (MISC).

chamilo -- chamilo
Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege.
Published: 2021-05-06.


5/10/2021 




Vulnerability Summary for the Week of May 3, 2021 


cisco -- broadworks_messaging_se
A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote attacker to access sensitive information or cause a partial denial of service (DoS) condition on an affected system. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by uploading a crafted XML file that contains references to external entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a partial DoS condition on an affected system. There are workarounds that address this vulnerability.

cisco -- content_security_managem
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA), Cisco Email Security Appliance (ESA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because confidential information is included in HTTP requests that are exchanged between the user and the device. An attacker could exploit this vulnerability by looking at the raw HTTP requests that are sent to the interface. A successful exploit could allow the attacker to obtain some of the passwords that are configured throughout the interface.

cisco -- content_security_managem
A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, local attacker to elevate their privileges to root. This vulnerability is due to a procedural flaw in the password generation algorithm. An attacker could exploit this vulnerability by enabling specific Administrator-only features and connecting to the appliance through the CLI with elevated privileges. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. To exploit this vulnerability, the attacker must have valid Administrator credentials.

cisco -- enterprise_nfv_infrastructun
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to perform a command injection attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to a configuration command. An attacker could exploit this vulnerability by including malicious input during the execution of this command. A successful exploit could allow a non-privileged attacker authenticated in the restricted CLI to execute arbitrary commands on the underlying operating system (OS) with root privileges.
Published: 2021-05-06.

cisco -- hyperflex_hx
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the attacker to upload files to the affected device with the permissions of the tomcat8 user.
Published: 2021-05-06.

cisco -- hyperflex_hx
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Published: 2021-05-06.

cisco -- hyperflex_hx
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Published: 2021-05-06. CVSS Score: not yet calculated. Source & Patch Info: CVE-2021-1498 (CISCO).

cisco -- integrated_management_c
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability is known as an open redirect attack, which is used in phishing attacks to get users to visit malicious sites without their knowledge.
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cisco -- multiple_routers 


cisco -- sd-wan_ software 


cisco -- sd-wan_ software 


cisco -- sd-wan_ software 


cisco -- sd- 
wan_vedge_ software 











A vulnerability in the internal message processing 
of Cisco RV340, RV340W, RV345, and RV345P 
Dual WAN Gigabit VPN Routers could allow an 
authenticated, local attacker to run arbitrary 
commands with root privileges on the underlying 
operating system (OS). This vulnerability exists 
because an internal messaging service does not 
properly sanitize input. An attacker could exploit 
this vulnerability by first authenticating to the 
device and then sending a crafted request to the 
internal service. A successful exploit could allow 
the attacker to run arbitrary commands with root 
privileges on the underlying OS. To exploit this 
vulnerability, the attacker must have valid 
Administrator credentials for the device. 


A vulnerability in the CLI of Cisco SD-WAN 
Software could allow an authenticated, local 
attacker to inject arbitrary commands to be 
executed with Administrator privileges on the 
underlying operating system. This vulnerability is 
due to insufficient input validation on certain CLI 
commands. An attacker could exploit this 
vulnerability by authenticating to the device and 
submitting crafted input to the CLI. The attacker 
must be authenticated as a low-privileged user to 
execute the affected commands. A successful 
exploit could allow the attacker to execute 
commands with Administrator privileges. 


A vulnerability in the CLI of Cisco SD-WAN 
Software could allow an authenticated, local 
attacker to overwrite arbitrary files in the 
underlying file system of an affected system. This 
vulnerability is due to insufficient validation of the 
user-supplied input parameters of a specific CLI 
command. An attacker could exploit this 
vulnerability by issuing that command with specific 
parameters. A successful exploit could allow the 
attacker to overwrite the content in any arbitrary 
files that reside on the underlying host file system. 


A vulnerability in the vDaemon process of Cisco 
SD-WAN Software could allow an 
unauthenticated, remote attacker to cause a 
device to reload, resulting in a denial of service 
(DoS) condition. This vulnerability is due to 
insufficient handling of malformed packets. An 
attacker could exploit this vulnerability by sending 
crafted traffic to an affected device. A successful 
exploit could allow the attacker to cause the 
device to reload, resulting in a DoS condition. 


Multiple vulnerabilities in Cisco SD-WAN vEdge 
Software could allow an attacker to execute 
arbitrary code as the root user or cause a denial 
of service (DoS) condition on an affected device. 
For more information about these vulnerabilities, 
see the Details section of this advisory. 














https://content.govdelivery.com/accounts/USDHSCISA/bulletins/2d87c65 
cisco -- sd-wan_vedge_software

Multiple vulnerabilities in Cisco SD-WAN vEdge
Software could allow an attacker to execute
arbitrary code as the root user or cause a denial
of service (DoS) condition on an affected device.
For more information about these vulnerabilities,
see the Details section of this advisory.

2021-05-06
not yet calculated
CISCO

cisco -- sd-wan_vedge_software

Multiple vulnerabilities in Cisco SD-WAN vEdge
Software could allow an attacker to execute
arbitrary code as the root user or cause a denial
of service (DoS) condition on an affected device.
For more information about these vulnerabilities,
see the Details section of this advisory.

2021-05-06
not yet calculated
CVE-2021- 4511
CISCO





cisco -- sd-wan_vmanage_software





A vulnerability in Cisco SD-WAN vManage 
Software could allow an unauthenticated, remote 
attacker to enumerate user accounts. This 
vulnerability is due to the improper handling of 
HTTP headers. An attacker could exploit this 
vulnerability by sending authenticated requests to 
an affected system. A successful exploit could 
allow the attacker to compare the HTTP 
responses that are returned by the affected 
system to determine which accounts are valid 
user accounts. 


2021-05-06

cisco -- sd-wan_vmanage_software





A vulnerability in an API of Cisco SD-WAN 
vManage Software could allow an authenticated, 
remote attacker to conduct a stored cross-site 
scripting (XSS) attack against users of the 
application web-based interface. This vulnerability 
exists because the API does not properly validate 
user-supplied input. An attacker could exploit this 
vulnerability by sending malicious input to the API.
A successful exploit could allow the attacker to 
execute arbitrary script code in the context of the 
web-based interface or access sensitive, browser- 
based information. 


2021-05-06

cisco -- sd-wan_vmanage_software





Multiple vulnerabilities in Cisco SD-WAN vManage 
Software could allow an unauthenticated, remote 
attacker to execute arbitrary code or gain access 
to sensitive information, or allow an authenticated, 
local attacker to gain escalated privileges or gain 
unauthorized access to the application. For more 
information about these vulnerabilities, see the 
Details section of this advisory. 


2021-05-06

cisco -- sd-wan_vmanage_software








Multiple vulnerabilities in Cisco SD-WAN vManage 
Software could allow an unauthenticated, remote 
attacker to execute arbitrary code or gain access 
to sensitive information, or allow an authenticated, 
local attacker to gain escalated privileges or gain 
unauthorized access to the application. For more 
information about these vulnerabilities, see the
Details section of this advisory.
cisco -- sd-wan_vmanage_software

cisco -- sd-wan_vmanage_software


A vulnerability in Cisco SD-WAN vManage 
Software could allow an unauthenticated, adjacent 
attacker to gain access to sensitive information. 
This vulnerability is due to improper access 
controls on API endpoints when Cisco SD-WAN 
vManage Software is running in multi-tenant 
mode. An attacker with access to a device that is 
managed in the multi-tenant environment could 
exploit this vulnerability by sending a request to 
an affected API endpoint on the vManage system. 
A successful exploit could allow the attacker to 
gain access to sensitive information that may 
include hashed credentials that could be used in 
future attacks. 


Multiple vulnerabilities in Cisco SD-WAN vManage 
Software could allow an unauthenticated, remote 
attacker to execute arbitrary code or gain access 
to sensitive information, or allow an authenticated, 
local attacker to gain escalated privileges or gain 
unauthorized access to the application. For more 
information about these vulnerabilities, see the 
Details section of this advisory. 








2021-05-06

2021-05-06

cisco -- sd-wan_vmanage_software

cisco -- sd-wan_vmanage_software





A vulnerability in the cluster management 
interface of Cisco SD-WAN vManage Software 
could allow an unauthenticated, remote attacker 
to view sensitive information on an affected 
system. To be affected by this vulnerability, the 
Cisco SD-WAN vManage Software must be in 
cluster mode. This vulnerability is due to the 
absence of authentication for sensitive information 
in the cluster management interface. An attacker 
could exploit this vulnerability by sending a crafted 
request to the cluster management interface of an 
affected system. A successful exploit could allow 
the attacker to view sensitive
information on the affected system. 


A vulnerability in the web-based messaging 
service interface of Cisco SD-WAN vManage 
Software could allow an unauthenticated, adjacent 
attacker to bypass authentication and 
authorization and modify the configuration of an 
affected system. To exploit this vulnerability, the 
attacker must be able to access an associated 
Cisco SD-WAN vEdge device. This vulnerability is 
due to insufficient authorization checks. An 
attacker could exploit this vulnerability by sending 
crafted HTTP requests to the web-based 
messaging service interface of an affected 
system. A successful exploit could allow the 
attacker to gain unauthenticated read and write 
access to the affected vManage system. With this 
access, the attacker could access information 
about the affected vManage system, modify the 
configuration of the system, or make configuration 
changes to devices that are managed by the 
system. 
cisco -- sd-wan_vmanage_software





Multiple vulnerabilities in Cisco SD-WAN vManage 
Software could allow an unauthenticated, remote 
attacker to execute arbitrary code or gain access 
to sensitive information, or allow an authenticated, 
local attacker to gain escalated privileges or gain 
unauthorized access to the application. For more 
information about these vulnerabilities, see the 
Details section of this advisory. 


2021-05-06

cisco -- sd-wan_vmanage_software


Multiple vulnerabilities in Cisco SD-WAN vManage 
Software could allow an unauthenticated, remote 
attacker to execute arbitrary code or gain access 
to sensitive information, or allow an authenticated, 
local attacker to gain escalated privileges or gain 
unauthorized access to the application. For more 
information about these vulnerabilities, see the 
Details section of this advisory. 


2021-05-06
CVE-2021-
not yet calculated

cisco -- small_business_series_wir


Multiple vulnerabilities in the web-based 
management interface of certain Cisco Small 
Business 100, 300, and 500 Series Wireless 
Access Points could allow an authenticated, 
remote attacker to obtain sensitive information
from or inject arbitrary commands on an affected
device. For more information about these
vulnerabilities, see the Details section of this
advisory.


2021-05-06
CVE-2021-1401
CISCO
not yet calculated

cisco -- small_business_series_wir


Multiple vulnerabilities in the web-based 
management interface of certain Cisco Small 
Business 100, 300, and 500 Series Wireless 
Access Points could allow an authenticated, 
remote attacker to obtain sensitive information
from or inject arbitrary commands on an affected
device. For more information about these
vulnerabilities, see the Details section of this
advisory.


2021-05-06
not yet calculated
CVE-2021-

cisco -- telepresence_collaboration


A vulnerability in the video endpoint API (xAPI) of 
Cisco TelePresence Collaboration Endpoint (CE) 
Software and Cisco RoomOS Software could 
allow an authenticated, remote attacker to read 
arbitrary files from the underlying operating 
system. This vulnerability is due to insufficient 
path validation of command arguments. An
attacker could exploit this vulnerability by sending
a crafted command request to the xAPI. A
successful exploit could allow the attacker to read
the contents of any file that is located on the
device filesystem.

2021-05-06
cisco -- unified_communications_man

A vulnerability in the Java Management
Extensions (JMX) component of Cisco Unified
Communications Manager (Unified CM) and Cisco
Unified Communications Manager Session
Management Edition (Unified CM SME) could
allow an authenticated, remote attacker to cause
a denial of service (DoS) condition on an affected
system. This vulnerability is due to an unsecured
TCP/IP port. An attacker could exploit this
vulnerability by accessing the port and restarting
the JMX process. A successful exploit could allow
the attacker to cause a DoS condition on an
affected system.

cisco -- unified_communications_m

cisco -- unified_communications_m

cisco -- video_surveillance_8000 s





Multiple vulnerabilities in the web-based 
management interface of Cisco Unified 
Communications Manager IM & Presence
Service could allow an authenticated, remote
attacker to conduct SQL injection attacks on an
affected system. These vulnerabilities are due to
improper validation of user-submitted parameters.
An attacker could exploit these vulnerabilities by
authenticating to the application and sending 
malicious requests to an affected system. A 
successful exploit could allow the attacker to 
obtain data or modify data that is stored in the 
underlying database. 


Multiple vulnerabilities in the web-based 
management interface of Cisco Unified 
Communications Manager IM & Presence
Service could allow an authenticated, remote
attacker to conduct SQL injection attacks on an
affected system. These vulnerabilities are due to
improper validation of user-submitted parameters.
An attacker could exploit these vulnerabilities by
authenticating to the application and sending 
malicious requests to an affected system. A 
successful exploit could allow the attacker to 
obtain data or modify data that is stored in the 
underlying database. 


A vulnerability in the Cisco Discovery Protocol 
implementation for Cisco Video Surveillance 8000 
Series IP Cameras could allow an 
unauthenticated, adjacent attacker to cause an 
affected IP camera to reload. This vulnerability is 
due to missing checks when processing Cisco 
Discovery Protocol messages. An attacker could 
exploit this vulnerability by sending a malicious 
Cisco Discovery Protocol packet to an affected IP
camera. A successful exploit could allow the 
attacker to cause the affected IP camera to reload 
unexpectedly, resulting in a denial of service 
(DoS) condition. Note: Cisco Discovery Protocol is 
a Layer 2 protocol. To exploit this vulnerability, an 
attacker must be in the same broadcast domain
as the affected device (Layer 2 adjacent).
cisco -- web_security_appliance

A vulnerability in the web-based management
interface of Cisco AsyncOS for Cisco Web
Security Appliance (WSA) could allow an
unauthenticated, remote attacker to conduct a
cross-site scripting (XSS) attack against a user of
the interface of an affected device. This
vulnerability is due to improper validation of user-
supplied input in the web-based management
interface. An attacker could exploit this
vulnerability by persuading a user to retrieve a
crafted file that contains malicious payload and
upload it to the affected device. A successful
exploit could allow the attacker to execute
arbitrary script code in the context of the affected
interface or access sensitive, browser-based
information.

2021-05-06


A vulnerability in Cisco Wide Area Application
Services (WAAS) Software could allow an
authenticated, local attacker to gain access to
sensitive information on an affected device. The
vulnerability is due to improper input validation
and authorization of specific commands that a
user can execute within the CLI. An attacker could
exploit this vulnerability by authenticating to an
affected device and issuing a specific set of
commands. A successful exploit could allow the
attacker to read arbitrary files that they originally
did not have permissions to access.

2021-05-06


The Package Manager of CODESYS 
Development System 3 before 3.5.17.0 does not 
check the validity of packages before installation 
and may be used to install CODESYS packages 
with malicious content. 








cisco -- wide_area_application_ser

2021-05-04


codesys -- automation_server








codesys -- automation_server

CODESYS Automation Server before 1.16.0
allows cross-site request forgery (CSRF).

2021-05-03
not yet calculated








codesys -- control_runtime

CODESYS Control Runtime system before
3.5.17.0 has improper input validation. Attackers
can send crafted communication packets to
change the router's addressing scheme and may
re-route, add, remove or change low level
communication packages.

2021-05-03
not yet calculated





codesys -- gateway_3

CODESYS Gateway 3 before 3.5.17.0 has a
NULL pointer dereference that may result in a
denial of service (DoS).

craft -- craft

Craft CMS before 3.6.13 has an XSS vulnerability.
dell -- emc_integrated_system

Dell EMC Integrated System for Microsoft Azure
Stack Hub, versions 1906 — 2011, contain an
undocumented default iDRAC account. A remote
unauthenticated attacker, with the knowledge of
the default credentials, could potentially exploit
this to log in to the system to gain root privileges.

2021-05-06
not yet calculated
MISC

dell -- powerscale_onefs

Dell PowerScale OneFS 8.1.0-9.1.0 contain an
improper neutralization of special elements used
in an OS command vulnerability. This vulnerability
may allow an authenticated user with
ISI_PRIV_LOGIN_SSH or
ISI_PRIV_LOGIN_CONSOLE privileges to
escalate privileges.

2021-05-06
not yet calculated
CVE-2021- 1527
MISC





dell -- powerscale_onefs 





Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain 
an improper neutralization of special elements 
used in an OS command vulnerability. This 
vulnerability can allow an authenticated user with 
ISI_PRIV_LOGIN_SSH or 
ISI_PRIV_LOGIN_CONSOLE privileges to 
escalate privileges. 


2021-05-06





django -- django 


django -- django 


drupal -- core 


drupal -- core 











In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 
3.2 before 3.2.1, MultiPartParser, UploadedFile, 
and FieldFile allowed directory traversal via 
uploaded files with suitably crafted file names. 


In Django 2.2 before 2.2.22, 3.1 before 3.1.10, 
and 3.2 before 3.2.2 (with Python 3.9.5+), 
URLValidator does not prohibit newlines and tabs 
(unless the URLField form field is used). If an 
application uses values with newlines in an HTTP 
response, header injection can occur. Django 
itself is unaffected because HttpResponse 
prohibits newlines in HTTP headers. 


Access bypass vulnerability in Drupal Core allows 
JSON:API when JSON:API is in read/write mode. 
Only sites that have the read_only set to FALSE 
under jsonapi.settings config are vulnerable. This 
issue affects: Drupal Drupal Core 8.8.x versions 
prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.x 
versions prior to 9.0.1. 


Open Redirect vulnerability in Drupal Core allows 
a user to be tricked into visiting a specially crafted 
link which would redirect them to an arbitrary 
external URL. This issue affects: Drupal Drupal 
Core 7 version 7.70 and prior versions. 
drupal -- core

Arbitrary PHP code execution vulnerability in
Drupal Core under certain circumstances. An
attacker could trick an administrator into visiting a
malicious site that could result in creating a
carefully named directory on the file system. With
this directory in place, an attacker could attempt to
brute force a remote code execution vulnerability.
Windows servers are most likely to be affected.
This issue affects: Drupal Drupal Core 8.8.x
versions prior to 8.8.8; 8.9.x versions prior to
8.9.1; 9.0.1 versions prior to 9.0.1.


2021-05-05

elasticsearch -- elasticsearch

An SSRF issue in Open Distro for Elasticsearch
(ODFE) before 1.13.1.0 allows an existing
privileged user to enumerate listening services or
interact with configured resources via HTTP
requests exceeding the Alerting plugin's intended
scope.

2021-05-06








emissary -- emissary

A Cross-site scripting (XSS) vulnerability in the
DocumentAction component of U.S. National
Security Agency (NSA) Emissary 5.9.0 allows
remote attackers to inject arbitrary web script or
HTML via the uuid parameter.

2021-05-

emissary -- emissary

U.S. National Security Agency (NSA) Emissary
5.9.0 allows an authenticated user to upload
arbitrary files.

2021-05-07

emissary -- emissary

The ConsoleAction component of U.S. National
Security Agency (NSA) Emissary 5.9.0 allows a
CSRF attack that results in injecting arbitrary
Ruby code (for an eval call) via the
CONSOLE_COMMAND_STRING parameter.

2021-05-07

emissary -- emissary

The ConfigFileAction component of U.S. National
Security Agency (NSA) Emissary 5.9.0 allows an
authenticated user to read arbitrary files via the
ConfigName parameter.

2021-05-07

emissary -- emissary

U.S. National Security Agency (NSA) Emissary
5.9.0 allows an authenticated user to delete
arbitrary files.

2021-05-07








emlog -- emlog

emlog v5.3.1 and emlog v6.0.0 have a Remote
Code Execution vulnerability due to upload of
database backup file in admin/data.php.

2021-05-06
not yet calculated
MISC

emote -- remote_mouse

An issue was discovered in Emote Remote Mouse
through 4.0.0.0. Attackers can retrieve recently
used and running applications, their icons, and
their file paths. This information is sent in cleartext
and is not protected by any authentication logic.

2021-05-

emote -- remote_mouse

An issue was discovered in Emote Remote Mouse
through 4.0.0.0. Remote unauthenticated users
can execute arbitrary code via crafted UDP
packets with no prior authorization or
authentication.

2021-05-07


























5/10/2021
Vulnerability Summary for the Week of May 3, 2021

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info





emote -- remote_mouse

An issue was discovered in Emote Remote Mouse
through 4.0.0.0. It uses cleartext HTTP to check,
and request, updates. Thus, attackers can
machine-in-the-middle a victim to download a
malicious binary in place of the real update, with
no SSL errors or warnings.

2021-05-07
not yet calculated

emote -- remote_mouse

An issue was discovered in Emote Remote Mouse
through 4.0.0.0. Attackers can maximize or
minimize the window of a running process by
sending the process name in a crafted packet.
This information is sent in cleartext and is not
protected by any authentication logic.

2021-05-07
not yet calculated








emote -- remote_mouse 


emote -- remote_mouse 


erp_pos -- erp_pos


erp_pos -- erp_pos


esri -- arcgis_earth 





An issue was discovered in Emote Remote Mouse 
through 3.015. Attackers can close any running 
process by sending the process name in a
specially crafted packet. This information is sent in 
cleartext and is not protected by any 
authentication logic. 


An issue was discovered in Emote Remote Mouse 
through 4.0.0.0. Authentication Bypass can occur 
via Packet Replay. Remote unauthenticated users 
can execute arbitrary code via crafted UDP 
packets even when passwords are set. 


Special characters in the ERP POS news page are
not filtered in users’ input, which allows remote
authenticated attackers to inject malicious
JavaScript and carry out stored XSS (Stored
Cross-site scripting) attacks, and additionally access
and manipulate customer’s information.


Special characters in the ERP POS customer profile
page are not filtered in users’ input, which allows
remote authenticated attackers to inject
malicious JavaScript and carry out stored XSS
(Stored Cross-site scripting) attacks, and additionally
access and manipulate customer’s information.


A path traversal vulnerability exists in Esri ArcGIS 
Earth versions 1.11.0 and below which allows 
arbitrary file creation on an affected system 
through crafted input. An attacker could exploit 
this vulnerability to gain arbitrary code execution 
under security context of the user running ArcGIS 
Earth by inducing the user to upload a crafted file 
to an affected system. 
esri -- arcgis_geoevent_server








ArcGIS GeoEvent Server versions 10.8.1 and 
below has a read-only directory path traversal 
vulnerability that could allow an unauthenticated,
remote attacker to perform directory traversal 
attacks and read arbitrary files on the system. 
eventlet -- eventlet


Eventlet is a concurrent networking library for 
Python. A websocket peer may exhaust memory 
on Eventlet side by sending very large websocket 
frames. Malicious peer may exhaust memory on 
Eventlet side by sending highly compressed data 
frame. A patch in version 0.31.0 restricts 
websocket frame to reasonable limits. As a 
workaround, restricting memory usage via OS 
limits would help against overall machine 
exhaustion, but there is no workaround to protect 
Eventlet process. 
ewelink -- ewelink


Unconstrained Web access to the device's private 
encryption key in the QR code pairing mode in the 
eWeLink mobile application (through 4.9.2 on 
Android and through 4.9.1 on iOS) allows a 
physically proximate attacker to eavesdrop on Wi-Fi
credentials and other sensitive information by
monitoring the Wi-Fi spectrum during a device 
pairing process. 
forkcms -- forkcms


Cross-site request forgery (CSRF) in Fork-CMS 
before 5.8.2 allow remote attackers to hijack the 
authentication of logged administrators. 
forkcms -- forkcms


foxit -- reader 


foxit -- reader 





Persistent Cross-site scripting vulnerability on 
Fork CMS version 5.8.2 allows remote attackers 
to inject arbitrary Javascript code via the 
"navigation_title" parameter and the "title" 
parameter in /private/en/pages/add. 


This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Reader 10.1.1.37576. User interaction is 
required to exploit this vulnerability in that the 
target must visit a malicious page or open a 
malicious file. The specific flaw exists within the 
handling of U3D objects in PDF files. The issue 
results from the lack of proper validation of user- 
supplied data, which can result in a write past the 
end of an allocated data structure. An attacker 
can leverage this vulnerability to execute code in 
the context of the current process. Was ZDI-CAN- 
13239. 


This vulnerability allows remote attackers to 
disclose sensitive information on affected 
installations of Foxit Reader 10.1.1.37576. User 
interaction is required to exploit this vulnerability in 
that the target must visit a malicious page or open 
a malicious file. The specific flaw exists within the 
handling of U3D objects embedded in PDF files. 
The issue results from the lack of proper 
validation of user-supplied data, which can result 
in a read past the end of an allocated object. An 
attacker can leverage this in conjunction with 
other vulnerabilities to execute arbitrary code in 
the context of the current process. Was ZDI-CAN-
13269.
foxit -- reader


This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Reader 10.1.1.37576. User interaction is 
required to exploit this vulnerability in that the 
target must visit a malicious page or open a 
malicious file. The specific flaw exists within the 
handling of the Decimal element. A crafted 
leadDigits value in a Decimal element can trigger 
an overflow of a fixed-length heap-based buffer. 
An attacker can leverage this vulnerability to 
execute arbitrary code in the context of the current 
process. Was ZDI-CAN-13095. 





2021-05-07





foxit -- reader 


foxit -- reader 


foxit -- reader 








This vulnerability allows remote attackers to 
disclose sensitive information on affected 
installations of Foxit Reader 10.1.3.37598. User 
interaction is required to exploit this vulnerability in 
that the target must visit a malicious page or open 
a malicious file. The specific flaw exists within the 
handling of U3D files embedded in PDF 
documents. The issue results from the lack of 
proper validation of user-supplied data, which can 
result in a read past the end of an allocated 
object. An attacker can leverage this in 
conjunction with other vulnerabilities to execute 
arbitrary code in the context of the current 
process. Was ZDI-CAN-13621. 


This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Reader 10.1.3.37598. User interaction is 
required to exploit this vulnerability in that the 
target must visit a malicious page or open a 
malicious file. The specific flaw exists within the 
handling of U3D files embedded in PDF 
documents. The issue results from the lack of 
proper validation of user-supplied data, which can 
result in a read past the end of an allocated data 
structure. An attacker can leverage this 
vulnerability to execute code in the context of the 
current process. Was ZDI-CAN-13620. 


This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Reader 10.1.3.37598. User interaction is 
required to exploit this vulnerability in that the 
target must visit a malicious page or open a 
malicious file. The specific flaw exists within the 
handling of U3D objects in PDF files. The issue 
results from the lack of proper validation of user- 
supplied data, which can result in a write past the 
end of an allocated data structure. An attacker 
can leverage this vulnerability to execute code in 
the context of the current process. Was ZDI-CAN-
13582.
foxit -- reader


foxit -- reader 


foxit -- reader 


foxit -- reader 








This vulnerability allows remote attackers to 
disclose sensitive information on affected 
installations of Foxit Reader 10.1.1.37576. User 
interaction is required to exploit this vulnerability in 
that the target must visit a malicious page or open 
a malicious file. The specific flaw exists within the 
handling of U3D objects embedded in PDF files. 
The issue results from the lack of proper 
validation of user-supplied data, which can result 
in a read past the end of an allocated object. An 
attacker can leverage this in conjunction with 
other vulnerabilities to execute arbitrary code in 
the context of the current process. Was ZDI-CAN- 
13240. 


This vulnerability allows remote attackers to 
disclose sensitive information on affected 
installations of Foxit Reader 10.1.3.37598. User 
interaction is required to exploit this vulnerability in 
that the target must visit a malicious page or open 
a malicious file. The specific flaw exists within the 
handling of U3D objects embedded in PDF files. 
The issue results from the lack of proper 
validation of user-supplied data, which can result 
in a read past the end of an allocated object. An 
attacker can leverage this in conjunction with 
other vulnerabilities to execute arbitrary code in 
the context of the current process. Was ZDI-CAN- 
13574. 


This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Reader 10.1.1.37576. User interaction is 
required to exploit this vulnerability in that the 
target must visit a malicious page or open a 
malicious file. The specific flaw exists within the 
handling of XFA forms. The issue results from the 
lack of validating the existence of an object prior 
to performing operations on the object. An 
attacker can leverage this vulnerability to execute 
code in the context of the current process. Was 
ZDI-CAN-13084. 


This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Reader 10.1.1.37576. User interaction is 
required to exploit this vulnerability in that the 
target must visit a malicious page or open a 
malicious file. The specific flaw exists within the 
handling of XFA Forms. The issue results from the 
lack of validating the existence of an object prior 
to performing operations on the object. An 
attacker can leverage this vulnerability to execute 
code in the context of the current process. Was
ZDI-CAN-13162.
foxit -- reader


foxit -- reader 


foxit -- reader 


foxit -- reader 








This vulnerability allows remote attackers to 
disclose sensitive information on affected 
installations of Foxit Reader 10.1.3.37598. User 
interaction is required to exploit this vulnerability in 
that the target must visit a malicious page or open 
a malicious file. The specific flaw exists within the 
handling of U3D objects embedded in PDF files. 
The issue results from the lack of proper 
validation of user-supplied data, which can result 
in a read past the end of an allocated object. An 
attacker can leverage this in conjunction with 
other vulnerabilities to execute arbitrary code in 
the context of the current process. Was ZDI-CAN- 
13572. 


This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Reader 10.1.1.37576. User interaction is 
required to exploit this vulnerability in that the 
target must visit a malicious page or open a 
malicious file. The specific flaw exists within the 
handling of XFA forms. The issue results from the 
lack of validating the existence of an object prior 
to performing operations on the object. An 
attacker can leverage this vulnerability to execute 
code in the context of the current process. Was 
ZDI-CAN-13100. 


This vulnerability allows remote attackers to 
disclose sensitive information on affected 
installations of Foxit Reader 10.1.1.37576. User 
interaction is required to exploit this vulnerability in 
that the target must visit a malicious page or open 
a malicious file. The specific flaw exists within the 
handling of U3D objects embedded in PDF files. 
The issue results from the lack of proper 
validation of user-supplied data, which can result 
in a read past the end of an allocated object. An 
attacker can leverage this in conjunction with 
other vulnerabilities to execute arbitrary code in 
the context of the current process. Was ZDI-CAN- 
13241. 


This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Reader 10.1.1.37576. User interaction is 
required to exploit this vulnerability in that the 
target must visit a malicious page or open a 
malicious file. The specific flaw exists within the 
handling of U3D objects in PDF files. The issue 
results from the lack of proper validation of user- 
supplied data, which can result in a write past the 
end of an allocated data structure. An attacker 
can leverage this vulnerability to execute code in 
the context of the current process. Was ZDI-CAN- 
13011. 
foxit -- reader


foxit -- reader 


foxit -- reader 


foxit -- reader 











This vulnerability allows remote attackers to 
disclose sensitive information on affected 
installations of Foxit Reader 10.1.1.37576. User 
interaction is required to exploit this vulnerability in 
that the target must visit a malicious page or open 
a malicious file. The specific flaw exists within the 
handling of U3D objects embedded in PDF files. 
The issue results from the lack of proper 
validation of user-supplied data, which can result 
in a read past the end of an allocated object. An 
attacker can leverage this in conjunction with 
other vulnerabilities to execute arbitrary code in 
the context of the current process. Was ZDI-CAN- 
12955. 


This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Reader 10.1.1.37576. User interaction is 
required to exploit this vulnerability in that the 
target must visit a malicious page or open a 
malicious file. The specific flaw exists within the 
handling of Annotation objects. The issue results 
from the lack of validating the existence of an 
object prior to performing operations on the 
object. An attacker can leverage this vulnerability 
to execute code in the context of the current 
process. Was ZDI-CAN-13102. 


This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Reader 10.1.1.37576. User interaction is 
required to exploit this vulnerability in that the 
target must visit a malicious page or open a 
malicious file. The specific flaw exists within the 
handling of Annotation objects. The issue results 
from the lack of validating the existence of an 
object prior to performing operations on the 
object. An attacker can leverage this vulnerability 
to execute code in the context of the current 
process. Was ZDI-CAN-13089. 


This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Reader 10.1.1.37576. User interaction is 
required to exploit this vulnerability in that the 
target must visit a malicious page or open a 
malicious file. The specific flaw exists within the 
handling of XFA Forms. The issue results from the 
lack of validating the existence of an object prior 
to performing operations on the object. An 
attacker can leverage this vulnerability to execute 
code in the context of the current process. Was 
ZDI-CAN-13092. 
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foxit -- reader 


This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Reader 10.1.1.37576. User interaction is 
required to exploit this vulnerability in that the 
target must visit a malicious page or open a 
malicious file. The specific flaw exists within the 
handling of XFA forms. The issue results from the 
lack of proper validation of user-supplied data, 
which can result in a write past the end of an 
allocated data structure. An attacker can leverage 
this vulnerability to execute code in the context of 
the current process. Was ZDI-CAN-13091. 
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foxit -- reader 











This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Reader 10.1.1.37576. User interaction is 
required to exploit this vulnerability in that the 
target must visit a malicious page or open a 
malicious file. The specific flaw exists within the 
handling of U3D objects embedded in PDF files. 
The issue results from the lack of validating the 
existence of an object prior to performing further 
free operations on the object. An attacker can 
leverage this vulnerability to execute code in the 
context of the current process. Was ZDI-CAN- 
13280. 


This vulnerability allows remote attackers to 
disclose sensitive information on affected 
installations of Foxit Reader 10.1.1.37576. User 
interaction is required to exploit this vulnerability in 
that the target must visit a malicious page or open 
a malicious file. The specific flaw exists within the 
handling of U3D objects embedded in PDF files. 
The issue results from the lack of proper 
validation of user-supplied data, which can result 
in a read past the end of an allocated object. An 
attacker can leverage this in conjunction with 
other vulnerabilities to execute arbitrary code in 
the context of the current process. Was ZDI-CAN- 
13273. 


This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Reader 10.1.1.37576. User interaction is 
required to exploit this vulnerability in that the 
target must visit a malicious page or open a 
malicious file. The specific flaw exists within the 
handling of Annotation objects. The issue results 
from the lack of validating the existence of an 
object prior to performing operations on the 
object. An attacker can leverage this vulnerability 
to execute code in the context of the current 
process. Was ZDI-CAN-13147. 
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foxit -- reader 


foxit -- reader 


foxit -- reader 


foxit -- reader 











This vulnerability allows remote attackers to 
disclose sensitive information on affected 
installations of Foxit Reader 10.1.1.37576. User 
interaction is required to exploit this vulnerability in 
that the target must visit a malicious page or open 
a malicious file. The specific flaw exists within the 
handling of U3D objects embedded in PDF files. 
The issue results from the lack of proper 
validation of user-supplied data, which can result 
in a read past the end of an allocated object. An 
attacker can leverage this in conjunction with 
other vulnerabilities to execute arbitrary code in 
the context of the current process. Was ZDI-CAN- 
12936. 


This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Reader 10.1.1.37576. User interaction is 
required to exploit this vulnerability in that the 
target must visit a malicious page or open a 
malicious file. The specific flaw exists within the 
handling of U3D objects in PDF files. The issue 
results from the lack of validating the existence of 
an object prior to performing operations on the 
object. An attacker can leverage this vulnerability 
to execute code in the context of the current 
process. Was ZDI-CAN-12947. 


This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Reader 10.1.1.37576. User interaction is 
required to exploit this vulnerability in that the 
target must visit a malicious page or open a 
malicious file. The specific flaw exists within the 
handling of Annotation objects. The issue results 
from the lack of validating the existence of an 
object prior to performing operations on the 
object. An attacker can leverage this vulnerability 
to execute code in the context of the current 
process. Was ZDI-CAN-13101. 


This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Reader 10.1.1.37576. User interaction is 
required to exploit this vulnerability in that the 
target must visit a malicious page or open a 
malicious file. The specific flaw exists within the 
handling of app.media objects. The issue 
results from the lack of proper validation of user- 
supplied data, which can result in a type confusion 
condition. An attacker can leverage this 
vulnerability to execute code in the context of the 
current process. Was ZDI-CAN-13333. 
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foxit -- reader 


foxit -- reader 


foxit -- reader 


foxit -- reader 











This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Reader 10.1.3.37598. User interaction is 
required to exploit this vulnerability in that the 
target must visit a malicious page or open a 
malicious file. The specific flaw exists within the 
handling of U3D objects in PDF files. The issue 
results from the lack of proper validation of user- 
supplied data, which can result in a read past the 
end of an allocated data structure. An attacker 
can leverage this vulnerability to execute code in 
the context of the current process. Was ZDI-CAN- 
13583. 


This vulnerability allows remote attackers to 
disclose sensitive information on affected 
installations of Foxit Reader 10.1.1.37576. User 
interaction is required to exploit this vulnerability in 
that the target must visit a malicious page or open 
a malicious file. The specific flaw exists within the 
handling of U3D objects embedded in PDF files. 
The issue results from the lack of proper 
validation of user-supplied data, which can result 
in a read past the end of an allocated object. An 
attacker can leverage this in conjunction with 
other vulnerabilities to execute arbitrary code in 
the context of the current process. Was ZDI-CAN- 
13245. 


This vulnerability allows remote attackers to 
disclose sensitive information on affected 
installations of Foxit Reader 10.1.1.37576. User 
interaction is required to exploit this vulnerability in 
that the target must visit a malicious page or open 
a malicious file. The specific flaw exists within the 
handling of U3D objects embedded in PDF files. 
The issue results from the lack of proper 
validation of user-supplied data, which can result 
in a read past the end of an allocated object. An 
attacker can leverage this in conjunction with 
other vulnerabilities to execute arbitrary code in 
the context of the current process. Was ZDI-CAN- 
13244. 


This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Reader 10.1.1.37576. User interaction is 
required to exploit this vulnerability in that the 
target must visit a malicious page or open a 
malicious file. The specific flaw exists within the 
processing of XFA templates. The issue results 
from the lack of validating the existence of an 
object prior to performing operations on the 
object. An attacker can leverage this vulnerability 
to execute code in the context of the current 
process. Was ZDI-CAN-13096. 
















2021-05- 
07 


2021-05- 
07 


2021-05- 
07 


2021-05- 
07 
















foxit -- reader 


This vulnerability allows remote attackers to 
execute arbitrary code on affected installations of 
Foxit Reader 10.1.1.37576. User interaction is 
required to exploit this vulnerability in that the 
target must visit a malicious page or open a 
malicious file. The specific flaw exists within the 
handling of Annotation objects. The issue results 
from the lack of validating the existence of an 
object prior to performing operations on the 
object. An attacker can leverage this vulnerability 
to execute code in the context of the current 
process. Was ZDI-CAN-13150. 
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foxit -- reader 


git-parse -- git-parse 


This vulnerability allows remote attackers to 
disclose sensitive information on affected 
installations of Foxit Reader 10.1.3.37598. User 
interaction is required to exploit this vulnerability in 
that the target must visit a malicious page or open 
a malicious file. The specific flaw exists within the 
handling of U3D objects embedded in PDF files. 
The issue results from the lack of proper 
validation of user-supplied data, which can result 
in a read past the end of an allocated object. An 
attacker can leverage this in conjunction with 
other vulnerabilities to execute arbitrary code in 
the context of the current process. Was ZDI-CAN- 
13573. 


The "gitDiff" function in Wayfair git-parse <=1.0.4 
has a command injection vulnerability. Clients of 
the git-parse library are unlikely to be aware of 
this, so they might unwittingly write code that 
contains a vulnerability. 
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gitlab -- ce/ee 


An issue has been discovered in GitLab CE/EE 
affecting all versions starting from 13.2. When 
querying the repository branches through API, 
GitLab was ignoring a query parameter and 
returning a considerable amount of results. 
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gitlab -- ce/ee 


gitlab -- ce/ee 


gitlab -- gitlab 


gitlab -- gitlab 








An issue has been discovered in GitLab CE/EE 
affecting all versions starting from 13.7. GitLab 
Dependency Proxy, under certain circumstances, 
can impersonate a user resulting in possibly 
incorrect access handling. 





An issue has been discovered in GitLab CE/EE 
affecting all versions starting from 13.8. GitLab 
was not properly validating authorisation tokens 
which resulted in GraphQL mutation being 
executed. 


An issue has been discovered in GitLab affecting 
versions starting with 13.5 up to 13.9.7. Improper 
permission check could allow the change of 
timestamp for issue creation or update. 


An issue has been discovered in GitLab affecting 
all versions starting from 11.6. Pull mirror 
credentials are exposed that allows other 
maintainers to be able to view the credentials in 
plain-text, 


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gnuplot -- gnuplot 


The gnuplot package prior to version 0.1.0 for 
Node.js allows code execution via shell 
metacharacters in Gnuplot commands. 


grafana -- wise-paas 


The affected product allows attackers to obtain 
sensitive information from the WISE-PaaS 
dashboard. The system contains a hard-coded 
administrator username and password that can be 
used to query Grafana APIs. Authentication is not 
required for exploitation on the WISE-PaaS/RMM 
(versions prior to 9.0.1). 


2021-05- 
07 


not yet 
calculat 


CVE-2021- 
7437 
ISC 





hashicorp -- hashicorp 


hewlett_packard_enterprise 


edgeline_infrastructure_ma 


highcharts -- highcharts 


hongdian -- 
h8922_ 3.0.5 devices 


hongdian -- 
h8922_ 3.0.5 devices 










HashiCorp vault-action (aka Vault GitHub Action) 
before 2.2.0 allows attackers to obtain sensitive 
information from log files because a multi-line 
secret was not correctly registered with GitHub 
Actions for log masking. 


A security vulnerability has been identified in the 
HPE Edgeline Infrastructure Manager, also known 
as HPE Edgeline Infrastructure Management 
Software, prior to version 1.22. The vulnerability 
could be remotely exploited to bypass remote 
authentication leading to execution of arbitrary 
commands, gaining privileged access, causing 
denial of service, and changing the configuration. 
HPE has released a software update to resolve 
the vulnerability in the HPE Edgeline 
Infrastructure Manager. 


Highcharts JS is a JavaScript charting library 
based on SVG. In Highcharts versions 8 and 
earlier, the chart options structure was not 
systematically filtered for XSS vectors. The 
potential impact was that content from untrusted 
sources could execute code in the end user's 
browser. The vulnerability is patched in version 9. 
As a workaround, implementers who are not able 
to upgrade may apply DOMPurify recursively to 
the options structure to filter out malicious 
markup. 


Hongdian H8922 3.0.5 devices allow Directory 
Traversal. The /log_download.cgi log export 
handler does not validate user input and allows a 
remote attacker with minimal privileges to 
download any file from the device by substituting 
../ (e.g., ../../etc/passwd). This can be carried out 
with a web browser by changing the file name 
accordingly. Upon visiting log_download.cgi? 
type=../../etc/passwd and logging in, the web 
server will allow a download of the contents of the 
/etc/passwd file. 


Hongdian H8922 3.0.5 devices allow the 
unprivileged guest user to read cli.conf (with the 
administrator password and other sensitive data) 
via /backup2.cgi. 


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hongdian -- 
h8922_ 3.0.5 devices 


Hongdian H8922 3.0.5 devices allow OS 
command injection via shell metacharacters into 
the ip-address (aka Destination) field to the 
tools.cgi ping command, which is accessible with 
the username guest and password guest. 


2021-05- 


not yet 


Hongdian H8922 3.0.5 devices have an 
undocumented feature that allows access to a 
shell as a superuser. To connect, the telnet 
service is used on port 5188 with the default 
credentials of root:superzxmn. 







ibm -- 
robotic_process_automatio 


ibm -- 
tivoli_storage_manager 


impacket -- impacket 


iwt_ltd -- 
facesentry_access_control 


jeecg -- jeecg 








IBM Robotic Process Automation with Automation 
Anywhere 11.0 could allow an attacker on the 
network to obtain sensitive information or cause a 
denial of service through username enumeration. 
IBM X-Force ID: 190992. 


** UNSUPPORTED WHEN ASSIGNED ** The 'id' 
parameter of IBM Tivoli Storage Manager Version 
5 Release 2 (Command Line Administrative 
Interface, dsmadmc.exe) is vulnerable to an 
exploitable stack buffer overflow. Note: the 
vulnerability can be exploited when it is used in 
"interactive" mode, whereas, because of a maximum 
character-count limitation, it cannot be exploited in 
batch or command line usage (e.g. dsmadmc.exe 
-id=username -password=pwd). NOTE: This 
vulnerability only affects products that are no 
longer supported by the maintainer. 


Multiple path traversal vulnerabilities exist in 
smbserver.py in Impacket through 0.9.22. An 
attacker that connects to a running smbserver 
instance can list and write to arbitrary files via ../ 
directory traversal. This could potentially be 
abused to achieve arbitrary code execution by 
replacing /etc/shadow or an SSH authorized key. 


iWT Ltd FaceSentry Access Control System 6.4.8 
suffers from an authenticated OS command 
injection vulnerability using default credentials. 
This can be exploited to inject and execute 
arbitrary shell commands as the root user via the 
'strinIP' POST parameter in pingTest PHP script. 


Unrestricted File Upload in JEECG v4.0 and 
earlier allows remote attackers to execute 
arbitrary code or gain privileges by uploading a 
crafted file to the component 
"jeecgFormDemoController.do?commonUpload". 
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jellyfin -- jellyfin 


jira -- confluence_server 


Jellyfin is a free software media system that 
provides media from a dedicated server to end- 
user devices via multiple apps. Versions prior to 
10.7.3 are vulnerable to unauthenticated Server-Side 
Request Forgery (SSRF) attacks via the imageUrl 
parameter. This issue potentially exposes both 
internal and external HTTP servers or other 
resources available via HTTP 'GET' that are 
visible from the Jellyfin server. The vulnerability is 
patched in version 10.7.3. As a workaround, 
disable external access to the API endpoints 
'/Items/*/RemoteImages/Download', 
'/Items/RemoteSearch/Image' and 
'/Images/Remote' via reverse proxy, or limit to 
known-friendly IPs. 


Affected versions of Team Calendar in Confluence 
Server before 7.11.0 allow attackers to inject 
arbitrary HTML or Javascript via a Cross Site 
Scripting Vulnerability in admin global setting 
parameters. 








2021-05- 
06 


2021-05- 
07 








jira -- confluence_server 


Affected versions of Confluence Server before 
7.11.0 allow attackers to identify internal hosts 
and ports via a blind server-side request forgery 
vulnerability in Team Calendars parameters. 


2021-05- 
07 


CVE-2020- 
9445 
N/A 


not yet 
calculat 





kennnyshiwa-cogs -- 
kennnyshiwa-cogs 





Kennnyshiwa-cogs contains cogs for Red 
Discordbot. An RCE exploit has been found in the 
Tickets module of kennnyshiwa-cogs. This exploit 
allows discord users to craft a message that can 
reveal sensitive and harmful information. Users 
can upgrade to version 
5a84d60018468e5c0346f7ee74b2b4650a6dade7 
to receive a patch or, as a workaround, unload 
tickets to render the exploit unusable. 


2021-05- 
06 





libaom -- libaom 


libgetdata -- libgetdata 


libre -- wireless_ls9 








aom_image.c in libaom in AOMedia before 2021- 
04-07 frees memory that is not located on the 
heap. 


A heap memory corruption problem (use after 
free) can be triggered in libgetdata v0.10.0 when 
processing maliciously crafted dirfile databases. 
This degrades the confidentiality, integrity and 
availability of third-party software that uses 
libgetdata as a library. This vulnerability may lead 
to arbitrary code execution or privilege escalation 
depending on input/skills of attacker. 


An issue was discovered on Libre Wireless LS9 
LS1.5/p7040 devices. There is Unauthenticated 
Root ADB Access Over TCP. The LS9 web 
interface provides functionality to access ADB 
over TCP. This is not enabled by default, but can 
be enabled by sending a crafted request to a web 
management interface endpoint. Requests made 
to this endpoint do not require authentication. As 
such, any unauthenticated user who is able to 
access the web interface will be able to gain root 
privileges on the LS9 module. 
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libre -- wireless_ls9 


An issue was discovered on Libre Wireless LS9 
LS1.5/p7040 devices. There is an Authentication 
Bypass in the Web Interface. This interface does 
not properly restrict access to internal 
functionality. Despite presenting a password login 
page on first access, authentication is not required 
to access privileged functionality. As such, it's 
possible to directly access APIs that should not be 
exposed to an unauthenticated user. 





2021-05- 
03 





libre -- wireless_ls9 


An issue was discovered on Libre Wireless LS9 
LS1.5/p7040 devices. There is a luci_service 
GETPASS Configuration Password Information 
Leak. The luci_service daemon running on port 
7777 does not require authentication to return the 
device configuration password in cleartext when 
using the GETPASS command. As such, any 
unauthenticated person with access to port 7777 
on the device will be able to leak the user's 
personal device configuration password by issuing 
the GETPASS command. 





2021-05- 
03 





libre -- wireless_ls9 


An issue was discovered on Libre Wireless LS9 
LS1.5/p7040 devices. There is a luci_service 
Read_NVRAM Direct Access Information Leak. 
The luci_service daemon running on port 7777 
provides a sub-category of commands for which 
Read_ is prepended. Commands in this category 
are able to directly read the contents of the device 
configuration NVRAM. The NVRAM contains 
sensitive information, such as the Wi-Fi password 
(in cleartext), as well as connected account 
tokens for services such as Spotify. 





2021-05- 
03 





libreoffice -- libreoffice 


In the LibreOffice 7-1 series in versions prior to 
7.1.2, and in the 7-0 series in versions prior to 
7.0.5, the denylist can be circumvented by 
manipulating the link so it doesn't match the 
denylist but results in ShellExecute attempting to 
launch an executable type. 


2021-05- 
03 


not yet 
calculat 








linux -- linux_kernel 


An out-of-bounds (OOB) memory write flaw was 
found in list_devices in drivers/md/dm-ioctl.c in the 
Multi-device driver module in the Linux kernel 
before 5.12. A bound check failure allows an 
attacker with special user (CAP_SYS_ADMIN) 
privilege to gain access to out-of-bounds memory 
leading to a system crash or a leak of internal 
kernel information. The highest threat from this 
vulnerability is to system availability. 


2021-05- 
06 


not yet 
calculat 





linux -- linux_kernel 








An out-of-bounds (OOB) memory access flaw was 
found in x25_bind in net/x25/af_x25.c in the Linux 
kernel version v5.12-rc5. A bounds check failure 
allows a local attacker with a user account on the 
system to gain access to out-of-bounds memory, 
leading to a system crash or a leak of internal 
kernel information. The highest threat from this 
vulnerability is to confidentiality, integrity, as well 
as system availability. 





2021-05- 
06 
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linux -- linux_kernel 


A flaw was found in the Linux kernel in versions 
before 5.12. The value of internal.ndata, in the 
KVM API, is mapped to an array index, which can 
be updated by a user process at any time, which 
could lead to an out-of-bounds write. The highest 
threat from this vulnerability is to data integrity and 
system availability. 





2021-05- 
06 





linux -- linux_kernel 


kernel/bpf/verifier.c in the Linux kernel through 
5.12.1 performs undesirable speculative loads, 
leading to disclosure of stack content via side- 
channel attacks, aka CID-801c6058d14a. The 
specific concern is not protecting the BPF stack 
area against speculative loads. Also, the BPF 
stack can contain uninitialized data that might 
represent sensitive information previously 
operated on by the kernel. 


2021-05- 
06 


not yet 
calculat 








livinglogic -- livinglogic 


LivingLogic XIST4C before 0.107.8 allows XSS 
via feedback.htm or feedback.wihtm. 


2021-05- 
07 


not yet 
calculat 





livinglogic -- livinglogic 


mapserver -- mapserver 


mikrotik -- routeros 


mikrotik -- routeros 


LivingLogic XIST4C before 0.107.8 allows XSS 
via login.htm, login.wihtm, or login-form.htm. 


MapServer before 7.0.8, 7.1.x and 7.2.x before 
7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 
7.6.x before 7.6.3 does not properly enforce the 
MS_MAP_NO_PATH and MS_MAP_PATTERN 
restrictions that are intended to control the 
locations from which a mapfile may be loaded 
(with MapServer CGI). 


Mikrotik RouterOs 6.44.6 (long-term tree) suffers 
from a memory corruption vulnerability in the 
/nova/bin/traceroute process. An authenticated 
remote attacker can cause a Denial of Service 
via the loop counter variable. 


Mikrotik RouterOs before 6.46.5 (stable tree) 
suffers from a memory corruption vulnerability in 
the /nova/bin/traceroute process. An 
authenticated remote attacker can cause a Denial 
of Service via the loop counter variable. 








2021-05- 
07 


2021-05- 
06 


2021-05- 
03 


2021-05- 
03 











mixme -- mixme 


Mixme is a library for recursive merging of 
Javascript objects. In Node.js mixme v0.5.0, an 
attacker can add or alter properties of an object 
via '__proto__' through the mutate() and merge() 
functions. The polluted attribute will be directly 
assigned to every object in the program. This will 
put the availability of the program at risk causing a 
potential denial of service (DoS). The problem is 
corrected starting with version 0.5.1; no 
workarounds are known to exist. 
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mixme -- mixme 


In Node.js mixme, prior to v0.5.1, an attacker can 
add or alter properties of an object via '__proto__' 
through the mutate() and merge() functions. The 
polluted attribute will be directly assigned to every 
object in the program. This will put the availability 
of the program at risk causing a potential denial of 
service (DoS). 





2021-05- 
03 








modsecurity -- modsecurity 


ModSecurity 3.x before 3.0.4 mishandles key- 
value pair parsing, as demonstrated by a "string 
index out of range" error and worker-process 
crash for a "Cookie: =abc" header. 


2021-05- 
06 


CVE-2019- 
5043 
ISC 


not yet 
calculat 





mutt -- mutt 


nightowl -- wdb-2- 
v2_devices 


nim -- nim 


nxp -- 
lpc55s6x_microcontrollers 








Mutt 1.11.0 through 2.0.x before 2.0.7 (and 
NeoMutt 2019-10-25 through 2021-05-04) has a 
$imap_qresync issue in which imap/util.c has an 
out-of-bounds read in situations where an IMAP 
sequence set ends with a comma. NOTE: the 
$imap_qresync setting for QRESYNC is not 
enabled by default. 


An issue exists on NightOwl WDB-20-V2 WDB- 
20-V2_20190314 devices that allows an 
unauthenticated user to gain access to snapshots 
and video streams from the doorbell. The binary 
app offers a web server on port 80 that allows an 
unauthenticated user to take a snapshot from the 
doorbell camera via the /snapshot URI. 


Nim is a statically typed compiled systems 
programming language. In Nim standard library 
before 1.4.2, httpClient SSL/TLS certificate 
verification was disabled by default. Users can 
upgrade to version 1.4.2 to receive a patch or, as 
a workaround, set "verifyMode = CVerifyPeer" as 
documented. 


NXP LPC55S6x microcontrollers (0A and 1B), 
i.MX RT500 (silicon rev B1 and B2), i.MX RT600 
(silicon rev A0, B0), LPC55S6x, LPC55S2x, 
LPC552x (silicon rev 0A, 1B), and LPC55S1x, 
LPC551x (silicon rev 0A) include an 
undocumented ROM patch peripheral that allows 
unsigned, non-persistent modification of the 
internal ROM. The peripheral is accessible from 
any execution mode (secure/privileged, 
secure/unprivileged, non-secure/privileged, non- 
secure/unprivileged). The ROM includes a set of 
APIs intended for use by a secure application to 
perform flash and in-application programming 
(IAP) operations. An attacker may use the ROM 
patch peripheral to modify the implementation of 
these ROM APIs from a non-secure, unprivileged 
context. If a non-secure application can also 
cause the secure application to invoke these ROM 
APIs, this provides privilege escalation and 
arbitrary code execution. 
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october -- october 


omni-directional -- omni-directional 


October is a free, open-source, self-hosted CMS 
platform based on the Laravel PHP Framework. A 
bypass of CVE-2020-26231 (fixed in 1.0.470/471 
and 1.1.1) was discovered that has the same 
impact as CVE-2020-26231 & CVE-2020-15247. 
An authenticated backend user with the 
'cms.manage_pages', 'cms.manage_layouts', or 
'cms.manage_partials' permissions who would 
**normally** not be permitted to provide PHP code 
to be executed by the CMS due to 
'cms.enableSafeMode' being enabled is able to 
write specific Twig code to escape the Twig 
sandbox and execute arbitrary PHP. This is not a 
problem for anyone that trusts their users with 
those permissions to normally write & manage 
PHP within the CMS by not having 
'cms.enableSafeMode' enabled, but would be a 
problem for anyone relying on 
'cms.enableSafeMode' to ensure that users with 
those permissions in production do not have 
access to write & execute arbitrary PHP. Issue 
has been patched in Build 472 (v1.0.472) and 
v1.1.2. As a workaround, apply 


https://github.com/octobercms/october/commit/f6341 9ff1 e8d37 


to your installation manually if unable to upgrade 
to Build 472 or v1.1.2. 


Local File Inclusion vulnerability of the omni- 
directional communication system allows a remote 
authenticated attacker to inject an absolute path into 
the Url parameter and access an arbitrary file. 


2021-05- 
03 


2021-05- 
07 


df30deba63156a2fc97aa 


online-book-store-project -- 
online-book-store-project 


Incorrect Access Control vulnerability in Online 
Book Store v1.0 via admin_verify.php, which could 
let a remote malicious user bypass authentication 
and obtain sensitive information. 


2021-05- 
06 


Arbitrary File Upload vulnerability in Online Book 
Store v1.0 in admin_add.php, which may lead to 
remote code execution. 


CVE-2020- 
19113 
ISC 


openemr -- openemr 


A SQL injection vulnerability exists (with user 
privileges) in interface/forms/eye_mag/save.php in 
OpenEMR 5.0.2.1. 


2021-05- 
07 


not yet 
calculat 


openemr -- openemr 


A Stored XSS vulnerability in 
interface/usergroup/usergroup_admin.php in 
OpenEMR before 5.0.2.1 allows an admin 
authenticated user to inject arbitrary web script or 
HTML via the lname parameter. 


2021-05- 
07 


A SQL injection vulnerability exists (with user 
privileges) in 
library/custom_template/ajax_code.php in 
OpenEMR 5.0.2.1. 


2021-05- 
07 


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openemr -- openemr 


The Patient Portal of OpenEMR 5.0.2.1 is affected 
by an incorrect access control system in 
portal/patient/_machine_config.php. To exploit the 
vulnerability, an unauthenticated attacker can 
register an account, bypassing the permission 
check of this portal's API. The attacker can 
then manipulate and read data of every registered 
patient. 





2021-05- 
07 





openmptcprouter -- 
openmptcprouter 


omr-admin.py in openmptcprouter-vps-admin 
0.57.3 and earlier compares the user provided 
password with the original password in a length 
dependent manner, which allows remote attackers 
to guess the password via a timing attack. 


2021-05- 
06 


not yet 
calculated 








opnsense -- opensense 


path-parse -- path-parse 


pax_technology -- paxstore 


pax_technology -- paxstore 


pax_technology -- paxstore 








An open redirect issue was discovered in 
OPNsense through 20.1.5. The redirect parameter 
"url" in login page was not filtered and can redirect 
user to any website. 





All versions of package path-parse are vulnerable 
to Regular Expression Denial of Service (ReDoS) 
via splitDeviceRe, splitTailRe, and splitPathRe 
regular expressions. ReDoS exhibits polynomial 
worst-case time complexity. 


Pax Technology PAXSTORE 
v7.0.8_20200511171508 and lower is affected by 
incorrect access control that can lead to remote 
privilege escalation. PAXSTORE marketplace 
endpoints allow an authenticated user to read and 
write data not owned by them, including third- 
party users, application and payment terminals, 
where an attacker can impersonate any user 
which may lead to the unauthorized disclosure, 
modification, or destruction of information. 


Pax Technology PAXSTORE 
v7.0.8_20200511171508 and lower is affected by 
a token spoofing vulnerability. Each payment 
terminal has a session token (called X-Terminal- 
Token) to access the marketplace. This allows the 
store to identify the terminal and make available 
the applications distributed by its reseller. By 
intercepting HTTPS traffic from the application 
store, it is possible to collect the request 
responsible for assigning the X-Terminal-Token to 
the terminal, which makes it possible to craft an X- 
Terminal-Token pretending to be another device. 
An attacker can use this behavior to authenticate 
its own payment terminal in the application store 
through token impersonation. 


Pax Technology PAXSTORE 
v7.0.8_20200511171508 and lower is affected by 
XML External Entity (XXE) injection. An 
authenticated attacker can compromise the 
private keys of a JWT token and reuse them to 
manipulate the access tokens to access the 
platform as any desired user (clients and 














administrators). 


pax_technology -- paxstore 


pax_technology -- paxstore 


Pax Technology PAXSTORE 
v7.0.8_20200511171508 and lower is affected by 
an information disclosure vulnerability. Through 
the PUK signature functionality, an administrator 
will not have access to the current p12 certificate 
and password. When accessing this functionality, 
the administrator has the option to replace the 
current certificate and it is not possible to view the 
certificate password (p12) already deployed on 
the platform. The replacement p12 certificate 
returns to users in base64 with its password, 
which can be accessed by non-administrator 


users. 





Pax Technology PAXSTORE 
v7.0.8_20200511171508 and lower is affected by 
incorrect access control where password 
revalidation in sensitive operations can be 
bypassed remotely by an authenticated attacker 
through requesting the endpoint directly. 





2021-05- 
07 


2021-05- 
07 





proofpoint -- 
enterprise_protection 


Proofpoint Enterprise Protection (PPS/PoD) 
before 8.17.0 contains a vulnerability that could 
allow an attacker to deliver an email message with 
a malicious attachment that bypasses scanning 
and file-blocking rules. The vulnerability exists 
because messages with certain crafted and 
malformed multipart structures are not properly 
handled. 


2021-05- 
07 








prototype_pollution -- 
prototype_polution 


The package handlebars before 4.7.7 are 
vulnerable to Prototype Pollution when selecting 
certain compiling options to compile templates 
coming from an untrusted source. 


2021-05- 
04 





calculated 





puppycms -- puppycms 


puppycms -- puppycms 


puppycms -- puppycms 


Cross Site Request Forgery (CSRF) vulnerability 
in puppyCMS v5.1 that can change the admin's 
password via /admin/settings.php. 


Remote Code Execution (RCE) vulnerability in 
puppyCMS v5.1 due to insecure permissions, 
which could let a remote malicious user getshell 
via /admin/functions.php. 

Arbitrary File Deletion vulnerability in puppyCMS 
v5.1 allows remote malicious attackers to delete 
the file/folder via /admin/functions.php. 





2021-05- 
06 


not yet 
calculated 


2021-05- 
06 


2021-05- 
06 


not yet 
calculated 


CVE-2020- 
18889 
ISC 





CVE-2020- 
18888 
ISC 











python -- stdlib_ipaddress 


Improper input validation of octal strings in Python 
stdlib ipaddress 3.10 and below allows 
unauthenticated remote attackers to perform 
indeterminate SSRF, RFI, and LFI attacks on 
many programs that rely on Python stdlib 
ipaddress. IP address octets are left stripped 
instead of evaluated as valid IP addresses. 











https://content.govdelivery.com/accounts/USDHSCISA/bulletins/2d87c65 





2021-05- 
06 











5/10/2021 


Vulnerability Summary for the Week of May 3, 2021 





qemu -- qemu 


A heap buffer overflow was found in the floppy 
disk emulator of QEMU up to 6.0.0 (including). It 
could occur in fdctrl_transfer_handler() in 
hw/block/fdc.c while processing DMA read data 
transfers from the floppy drive to the guest 
system. A privileged guest user could use this 
flaw to crash the QEMU process on the host 
resulting in DoS scenario, or potential information 
leakage from the host memory. 





2021-05- 
06 








Histogram type KPI was teardown with the 
assumption of the existence of histogram binning 
info and will lead to null pointer access when 
histogram binning info is missing due to lack of 
null check in Snapdragon Auto, Snapdragon 
Compute, Snapdragon Connectivity, Snapdragon 
Mobile 


CVE-2020- 
1273 
CONFIRM 


qualcomm -- 
multiple_snapdragon_prod 


Use after free in camera If the threadmanager is 
being cleaned up while the worker thread is 
processing objects in Snapdragon Auto, 
Snapdragon Compute, Snapdragon Connectivity, 
Snapdragon Consumer IOT, Snapdragon 
Industrial IOT, Snapdragon Mobile 


2021-05-07 


not yet calculated 


CVE-2020- 
41295 
CONFIRM 





qualcomm -- 
multiple_snapdragon_prod 





Out of bound read can happen in Widevine TA 
while copying data to buffer from user data due to 
lack of check of buffer length received in 
Snapdragon Auto, Snapdragon Compute, 
Snapdragon Connectivity, Snapdragon Consumer 
IOT, Snapdragon Industrial IOT, Snapdragon IoT, 
Snapdragon Mobile, Snapdragon Voice & Music, 
Snapdragon Wearables, Snapdragon Wired 
Infrastructure and Networking 


2021-05- 
07 





qualcomm -- 
multiple_snapdragon_prod 


qualcomm -- 
multiple_snapdragon_prod 


qualcomm -- 
multiple_snapdragon_prod 

















Buffer over-read while unpacking the RTCP 
packet we may read extra byte if wrong length is 
provided in RTCP packets in Snapdragon Auto, 
Snapdragon Compute, Snapdragon Connectivity, 
Snapdragon Consumer IOT, Snapdragon 
Industrial IOT, Snapdragon IoT, Snapdragon 
Mobile, Snapdragon Voice & Music, Snapdragon 
Wearables 


Memory corruption while processing crafted 
SDES packets due to improper length check in 
sdes packets received in Snapdragon Auto, 
Snapdragon Compute, Snapdragon Connectivity, 
Snapdragon Consumer IOT, Snapdragon 
Industrial IOT, Snapdragon IoT, Snapdragon 
Mobile, Snapdragon Voice & Music, Snapdragon 
Wearables 


Locked memory can be unlocked and modified by 
non secure boot loader through improper system 
call sequence making the memory region 
untrusted source of input for secure boot loader in 
Snapdragon Auto, Snapdragon Compute, 
Snapdragon Industrial IOT, Snapdragon Mobile, 
Snapdragon Wired Infrastructure and Networking 


qualcomm -- 
multiple_snapdragon_prod 


Double free in video due to lack of input buffer 
length check in Snapdragon Auto, Snapdragon 
Compute, Snapdragon Connectivity, Snapdragon 
Consumer IOT, Snapdragon Industrial IOT, 
Snapdragon Mobile, Snapdragon Voice & Music, 
Snapdragon Wearables 


2021-05- 
07 


CVE-2021- 
1910 
CONFIRM 


not yet 
calculated 








qualcomm -- 
multiple_snapdragon_prod 


Possible use after free due to lack of null check 
while memory is being freed in FastRPC driver in 
Snapdragon Auto, Snapdragon Compute, 
Snapdragon Connectivity, Snapdragon Consumer 
IOT, Snapdragon Industrial IOT, Snapdragon 
Mobile, Snapdragon Voice & Music, Snapdragon 
Wearables, Snapdragon Wired Infrastructure and 
Networking 


2021-05- 
07 


CVE-2021- 
CONFIRM 


not yet 
calculated 








qualcomm -- 
multiple_snapdragon_prod 


Out of bound write in logger due to prefix size is 
not validated while prepended to logging string in 
Snapdragon Auto, Snapdragon Compute, 
Snapdragon Connectivity, Snapdragon Consumer 
IOT, Snapdragon Industrial IOT, Snapdragon 
Mobile, Snapdragon Wearables 


2021-05- 
07 


CVE-2020- 
11294 
CONFIRM 


not yet 
calculated 











qualcomm -- 
multiple_snapdragon_prod 


qualcomm -- 
multiple_snapdragon_prod 


qualcomm -- 
multiple_snapdragon_prod 


qualcomm -- 
multiple_snapdragon_prod 





Possible denial of service scenario due to 
improper handling of group management action 
frame in Snapdragon Auto, Snapdragon Compute, 
Snapdragon Connectivity, Snapdragon Consumer 
Electronics Connectivity, Snapdragon Consumer 
IOT, Snapdragon Industrial IOT, Snapdragon 
Mobile, Snapdragon Voice & Music, Snapdragon 
Wired Infrastructure and Networking 


Buffer overflow can occur due to improper 
validation of NDP application information length in 
Snapdragon Auto, Snapdragon Compute, 
Snapdragon Connectivity, Snapdragon Consumer 
Electronics Connectivity, Snapdragon Consumer 
IOT, Snapdragon Industrial IOT, Snapdragon 
Mobile, Snapdragon Voice & Music, Snapdragon 
Wired Infrastructure and Networking 


Out of bound write can occur in TZ command 
handler due to lack of validation of command ID in 
Snapdragon Auto, Snapdragon Compute, 
Snapdragon Connectivity, Snapdragon Consumer 
IOT, Snapdragon Industrial IOT, Snapdragon IoT, 
Snapdragon Mobile, Snapdragon Voice & Music, 
Snapdragon Wearables, Snapdragon Wired 
Infrastructure and Networking 


Improper handling of address deregistration on 
failure can lead to new GPU address allocation 
failure. in Snapdragon Auto, Snapdragon 
Compute, Snapdragon Connectivity, Snapdragon 
Consumer IOT, Snapdragon Industrial IOT, 
Snapdragon Mobile, Snapdragon Voice & Music, 
Snapdragon Wearables 








qualcomm -- 
multiple_snapdragon_prod 


Possible use after free due to improper handling 
of memory mapping of multiple processes 
simultaneously. in Snapdragon Auto, Snapdragon 
Compute, Snapdragon Connectivity, Snapdragon 
Consumer IOT, Snapdragon Industrial IOT, 
Snapdragon Mobile, Snapdragon Voice & Music, 
Snapdragon Wearables 





2021-05- 
07 








qualcomm -- 
multiple_snapdragon_prod 


A possible use-after-free occurrence in audio 
driver can happen when pointers are not properly 
handled in Snapdragon Auto, Snapdragon 
Compute, Snapdragon Connectivity, Snapdragon 
Consumer IOT, Snapdragon Industrial IOT, 
Snapdragon Mobile, Snapdragon Voice & Music, 
Snapdragon Wearables, Snapdragon Wired 
Infrastructure and Networking 


2021-05- 
07 


CVE-2021- 
891 
CONFIRM 


not yet 
calculated 








qualcomm -- 
multiple_snapdragon_prod 


Out of bound write can occur in playready while 
processing command due to lack of input 
validation in Snapdragon Auto, Snapdragon 
Compute, Snapdragon Connectivity, Snapdragon 
Consumer IOT, Snapdragon Industrial IOT, 
Snapdragon Mobile, Snapdragon Voice & Music 


2021-05- 
07 


CVE-2020- 
11288 
CONFIRM 


not yet 
calculated 





qualcomm -- 
multiple_snapdragon_prod 


qualcomm -- 
multiple_snapdragon_prod 


qualcomm -- 
multiple_snapdragon_prod 


qualcomm -- 


snapdragon_auto_and_sna 


Denial of service in MODEM due to assert to the 
invalid configuration in Snapdragon Auto, 
Snapdragon Compute, Snapdragon Connectivity, 
Snapdragon Consumer IOT, Snapdragon 
Industrial IOT, Snapdragon Mobile 


Memory corruption during buffer allocation due to 
dereferencing session ctx pointer without 
checking if pointer is valid in Snapdragon Auto, 
Snapdragon Compute, Snapdragon Connectivity, 
Snapdragon Mobile 


Possible integer overflow due to improper length 
check while flashing an image in Snapdragon 
Consumer IOT, Snapdragon Industrial IOT, 
Snapdragon Voice & Music 


Potential UE reset while decoding a crafted Sib1 
or SIB1 that schedules unsupported SIBs and can 
lead to denial of service in Snapdragon Auto, 
Snapdragon Mobile 










2021-05- 
07 


2021-05- 
07 


2021-05- 
07 


2021-05- 
07 








qualys -- exim 


Exim 4 before 4.94.2 allows Exposure of File 
Descriptor to Unintended Control Sphere because 
rda_interpret uses a privileged pipe that lacks a 
close-on-exec flag. 


2021-05- 
06 


CVE-2020- 
8012 
ISC 


not yet 
calculated 





qualys -- exim 


qualys -- exim 











Exim 4 before 4.94.2 has Improper Neutralization 
of Line Delimiters, relevant in non-default 
configurations that enable Delivery Status 
Notification (DSN). Certain uses of ORCPT= can 
place a newline into a spool header file, and 
indirectly allow unauthenticated remote attackers 
to execute arbitrary commands as root. 


Exim 4 before 4.94.2 has Improper Initialization 
that can lead to recursion-based stack 
consumption or other consequences. This occurs 
because use of certain getc functions is 
mishandled when a client uses BDAT instead of 
DATA. 


qualys -- exim 


Exim 4 before 4.94.2 allows Execution with 
Unnecessary Privileges. Because Exim operates 
as root in the spool directory (owned by a non-root 
user), an attacker can write to a 
/var/spool/exim4/input spool header file, in which 
a crafted recipient address can indirectly lead to 
command execution. 





2021-05- 
06 








qualys -- exim 


Exim 4 before 4.94.2 allows Use After Free in 
smtp_reset in certain situations that may be 
common for builds with OpenSSL. 


2021-05- 
06 


not yet 
calculated 


CVE-2020- 
ISC 








qualys -- exim 


qualys -- exim 


qualys -- exim 


qualys -- exim 


Exim 4 before 4.94.2 allows Execution with 
Unnecessary Privileges. Because Exim operates 
as root in the log directory (owned by a non-root 
user), a symlink or hard link attack allows 
overwriting critical root-owned files anywhere on 
the filesystem. 


Exim 4 before 4.94.2 allows Heap-based Buffer 
Overflow in queue_run via two sender options: -R 
and -S. This may cause privilege escalation from 
exim to root. 


Exim 4 before 4.94.2 has Improper Neutralization 
of Line Delimiters. An authenticated remote SMTP 
client can insert newline characters into a spool 
file (which indirectly leads to remote code 
execution as root) via AUTH= in a MAIL FROM 
command. 


Exim 4 before 4.94.2 has Execution with 
Unnecessary Privileges. By leveraging a 
delete_pid_file race condition, a local user can 
delete arbitrary files as root. This involves the -oP 
and -oPX options. 








2021-05- 
06 


2021-05- 
06 


2021-05- 
06 


2021-05- 
06 








qualys -- exim 


Exim 4 before 4.94.2 has Improper Restriction of 
Write Operations within the Bounds of a Memory 
Buffer. This occurs when processing name=value 
pairs within MAIL FROM and RCPT TO 
commands. 


2021-05- 
06 


CVE-2020- 
8022 
ISC 


not yet 
calculated 








qualys -- exim 


Exim 4 before 4.94.2 allows Buffer Underwrite that 
may result in unauthenticated remote attackers 
executing arbitrary commands, because 
smtp_ungetc was only intended to push back 
characters, but can actually push back non- 
character error codes such as EOF. 


2021-05- 
06 


CVE-2020- 
8024 
ISC 


not yet 
calculated 





qualys -- exim 


qualys -- exim 








Exim 4 before 4.94.2 allows Out-of-bounds Read 
because pdkim_finish_bodyhash does not 
validate the relationship between 
sig->bodyhash.len and b->bh.len; thus, a crafted 
DKIM-Signature header might lead to a leak of 
sensitive information from process memory. 


Exim 4 before 4.94.2 allows Integer Overflow to 
Buffer Overflow because get_stdinput allows 
unbounded reads that are accompanied by 
unbounded increases in a certain size variable. 
NOTE: exploitation may be impractical because of 
the execution time needed to overflow (multiple 











days). 


qualys -- exim 


Exim 4 before 4.94.2 allows Out-of-bounds Write 
because the main function, while setuid root, 
copies the current working directory pathname 
into a buffer that is too small (on some common 
platforms). 


2021-05-06 


not yet calculated 


CVE-2020- 
8010 
ISC 


qualys -- exim 


Exim 4 before 4.94.2 allows Heap-based Buffer 
Overflow because it mishandles "-F '.('" on the 
command line, and thus may allow privilege 
escalation from any user to root. This occurs 
because of the interpretation of negative sizes in 
strncpy. 


2021-05-06 


not yet calculated 


CVE-2020-28013 
ISC 





qualys -- exim 


qualys -- exim 


qualys -- exim 


qualys -- exim 


Exim 4 before 4.94.2 allows Execution with 
Unnecessary Privileges. The -oP option is 
available to the exim user, and allows a denial of 
service because root-owned files can be 
overwritten. 


Exim 4 before 4.94.2 has Improper Neutralization 
of Line Delimiters. Local users can alter the 
behavior of root processes because a recipient 
address can have a newline character. 


Exim 4 before 4.94.2 allows an off-by-two Out-of- 
bounds Write because "-F ''" is mishandled by 
parse_fix_phrase. 


Exim 4 before 4.94.2 allows Integer Overflow to 
Buffer Overflow in receive_add_recipient via an e- 
mail message with fifty million recipients. NOTE: 
remote exploitation may be difficult because of 
resource consumption. 








2021-05- 
06 


2021-05- 
06 


2021-05- 
06 


not yet 
calculated 


2021-05- 
06 





CVE-2020- 
8016 
ISC 











qualys -- exim 


Exim 4 before 4.92 allows Integer Overflow to 
Buffer Overflow, in which an unauthenticated 
remote attacker can execute arbitrary code by 
leveraging the mishandling of continuation lines 
during header-length restriction. 


2021-05- 
06 


not yet 
calculated 


CVE-2020- 
ISC 











qualys -- exim 


quan-fang-wei-tong-xun -- 
quan-fang-wei-tong-xun 


red_hat -- red_hat 


Exim 4 before 4.94.2 allows Out-of-bounds Read. 
smtp_setup_msg may disclose sensitive 
information from process memory to an 
unauthenticated SMTP client. 


Special characters of picture preview page in the 
Quan-Fang-Wei-Tong-Xun system are not filtered 
in users’ input, which allows remote authenticated 
attackers to inject malicious JavaScript and 
carry out Reflected XSS (Cross-site scripting) 
attacks, and additionally access and manipulate 
customer’s information. 


A flaw was found in tripleo-ansible version as 
shipped in Red Hat Openstack 16.1. The Ansible 
log file is readable to all users during stack update 
and creation. The highest threat from this 
vulnerability is to data confidentiality. 


redis -- redis 


Redis is an open source (BSD licensed), in- 
memory data structure store, used as a database, 
cache, and message broker. An integer overflow 
bug in Redis version 6.0 or newer could be 
exploited using the `STRALGO LCS` command to 
corrupt the heap and potentially result with remote 
code execution. The problem is fixed in version 
6.2.3 and 6.0.13. An additional workaround to 
mitigate the problem without patching the redis- 
server executable is to use ACL configuration to 
prevent clients from using the `STRALGO LCS` 
command. 





2021-05- 
04 





redis -- redis 


rust -- rust 


Redis is an open source (BSD licensed), in- 
memory data structure store, used as a database, 
cache, and message broker. An integer overflow 
bug in Redis 6.2 before 6.2.3 could be exploited to 
corrupt the heap and potentially result with remote 
code execution. Redis 6.0 and earlier are not 
directly affected by this issue. The problem is 
fixed in version 6.2.3. An additional workaround to 
mitigate the problem without patching the 
`redis-server` executable is to prevent users from 
modifying the `set-max-intset-entries` 
configuration parameter. This can be done using 
ACL to restrict unprivileged users from using the 
`CONFIG SET` command. 


An issue was discovered in the algorithmica crate 
through 2021-03-07 for Rust. There is a double 
free in merge_sort::merge(). 








2021-05- 
04 


2021-05- 
03 


not yet 
calculated 


CVE-2021- 
1996 
MISC 








sabnzbd -- sabnzbd 


SABnzbd is an open source binary newsreader. A 
vulnerability was discovered in SABnzbd that 
could trick the `filesystem.renamer()` function into 
writing downloaded files outside the configured 
Download Folder via malicious PAR2 files. A 
patch was released as part of SABnzbd 3.2.1RC1. 
As a workaround, limit downloads to NZBs without 
PAR2 files, deny write permissions to the 
SABnzbd process outside areas it must access to 
perform its job, or update to a fixed version. 


2021-05- 
07 


CVE-2021- 
not yet 


calculated 








samba -- fedora33 


A flaw was found in samba. The Samba smbd file 
server must map Windows group identities (SIDs) 
into unix group ids (gids). The code that performs 
this had a flaw that could allow it to read data 
beyond the end of the array in the case where a 
negative cache entry had been added to the 
mapping cache. This could cause the calling code 
to return those values into the process token that 
stores the group membership for a user. The 
highest threat from this vulnerability is to data 
confidentiality and integrity. 


2021-05- 
05 


not yet 
calculated 








shapeshift -- keepkey 








Insufficient length checks in the ShapeShift 
KeepKey hardware wallet firmware before 7.1.0 
allow a stack buffer overflow via crafted 
messages. The overflow in 
ethereum_extractThorchainSwapData() in 
ethereum.c can circumvent stack protections and 
lead to code execution. The vulnerable interface is 








reachable remotely over WebUSB. 





2021-05- 
06 


not yet 
calculated 


sif -- sif 


simplelink -- wi-fi 


SIF is an open source implementation of the 
Singularity Container Image Format. The `siftool new` 
command and func siftool.New() produce 
predictable UUID identifiers due to insecure 
randomness in the version of the 
`github.com/satori/go.uuid` module used as a 
dependency. A patch is available in version >= 
v1.2.3 of the module. Users are encouraged to 
upgrade. As a workaround, users passing 
CreateInfo struct should ensure the `ID` field is 
generated using a version of 
`github.com/satori/go.uuid` that is not vulnerable 
to this issue. 


The affected product is vulnerable to an integer 
overflow while processing HTTP headers, which 
may allow an attacker to remotely execute code 
on the SimpleLink Wi-Fi (MSP432E4 SDK: 
v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 
and prior, CC13X0 SDK versions prior to 
v4.10.03, CC13X2 and CC26XX SDK versions 
prior to v4.40.00, CC3200 SDK v1.5.0 and prior, 
CC3100 SDK v1.3.0 and prior). 








2021-05- 
07 


2021-05- 
07 





simplelink -- wi-fi 


The affected product is vulnerable to integer 
overflow while parsing malformed over-the-air 
firmware update files, which may allow an attacker 
to remotely execute code on SimpleLink Wi-Fi 
(MSP432E4 SDK: v4.20.00.12 and prior, CC32XX 
SDK v4.30.00.06 and prior, CC13X0 SDK 
versions prior to v4.10.03, CC13X2 and CC26XX 
SDK versions prior to v4.40.00, CC3200 SDK 
v1.5.0 and prior, CC3100 SDK v1.3.0 and prior). 





2021-05- 
07 





simplelink -- wi-fi 


An integer overflow exists in the APIs of the host 
MCU while trying to connect to a WIFI network 
may lead to issues such as a denial-of-service 
condition or code execution on the SimpleLink Wi- 
Fi (MSP432E4 SDK: v4.20.00.12 and prior, 
CC32XX SDK v4.30.00.06 and prior, CC13X0 
SDK versions prior to v4.10.03, CC13X2 and 
CC26XX SDK versions prior to v4.40.00, CC3200 
SDK v1.5.0 and prior, CC3100 SDK v1.3.0 and 
prior). 





2021-05- 
07 








simplelink -- wi-fi 





Multiple integer overflow issues exist while 
processing long domain names, which may allow 
an attacker to remotely execute code on the 
SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 
and prior, CC32XX SDK v4.30.00.06 and prior, 
CC13X0 SDK versions prior to v4.10.03, CC13X2 
and CC26XX SDK versions prior to v4.40.00, 
CC3200 SDK v1.5.0 and prior, CC3100 SDK 








v1.3.0 and prior). 





2021-05-07 


not yet calculated 


CVE-2021- 
MISC 


simplelink -- wi-fi 


The affected product is vulnerable to stack-based 
buffer overflow while processing over-the-air 
firmware updates from the CDN server, which 
may allow an attacker to remotely execute code 
on the SimpleLink Wi-Fi (MSP432E4 SDK: 





2021-05- 





































v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 
and prior, CC13X0 SDK versions prior to 
v4.10.03, CC13X2 and CC26XX SDK versions 
prior to v4.40.00, CC3200 SDK v1.5.0 and prior, 
CC3100 SDK v1.3.0 and prior). 


07 


solarwinds -- serv-u 


An issue was discovered in SolarWinds Serv-U 
before 15.2.2. Unauthenticated attackers can 
retrieve cleartext passwords via macro Injection. 
NOTE: this had a distinct fix relative to CVE-2020- 
35481. 


2021-05-04 


not yet calculated 


CVE-2021- 
154 
ISC 


solarwinds -- serv-u 


SolarWinds Serv-U before 15.2 is affected by 
Cross Site Scripting (XSS) via the HTTP Host 
header. 


not yet calculated 


CVE-2021- 


solarwinds -- serv-u 


SolarWinds Serv-U before 15.1.6 Hotfix 3 is 
affected by Cross Site Scripting (XSS) via a 
directory name (entered by an admin) containing 
a JavaScript payload. 


2021-05-05 


The dashboard component of StackLift 
LocalStack 0.12.6 allows attackers to inject 
arbitrary shell commands via the functionName 
parameter. 


2021-05-07 


A Cross-site scripting (XSS) vulnerability exists in 
StackLift LocalStack 0.12.6. 


2021-05-07 


stormshield -- sns 


Stormshield SNS with versions before 3.7.18, 
3.11.6 and 4.1.6 has a memory-management 
defect in the SNMP plugin that can lead to 
excessive consumption of memory and CPU 
resources, and possibly a denial of service. 


2021-05-06 


strapi -- strapi 


In Strapi through 3.6.0, the admin panel allows the 
changing of one's own password without entering 
the current password. An attacker who gains 
access to a valid session can use this to take over 
an account by changing the password. 


2021-05-06 


not yet calculated 


suse -- 
linux_enterprise_server 


suse -- OpenSuse 


An Incorrect Default Permissions vulnerability in the 
packaging of cups of SUSE Linux Enterprise 
Server 11-SP4-LTSS, SUSE Manager Server 4.0, 
SUSE OpenStack Cloud Crowbar 9; openSUSE 
Leap 15.2, Factory allows local attackers with 
control of the lp users to create files as root with 
0644 permissions without the ability to set the 
content. This issue affects: SUSE Linux 
Enterprise Server 11-SP4-LTSS cups versions 
prior to 1.3.9. SUSE Manager Server 4.0 cups 
versions prior to 2.2.7. SUSE OpenStack Cloud 
Crowbar 9 cups versions prior to 1.7.5. 
openSUSE Leap 15.2 cups versions prior to 2.2.7. 
openSUSE Factory cups version 2.3.30p2-2.1 and 
prior versions. 


An Incorrect Default Permissions vulnerability in the 
packaging of virtualbox of openSUSE Factory 
allows local attackers in the vboxusers group to 
escalate to root. This issue affects: openSUSE 
Factory virtualbox version 6.1.20-1.1 and prior 
versions. 








2021-05- 
05 


2021-05- 
05 








tenda -- ac11_devices 


An issue was discovered on Tenda AC11 devices 
with firmware through 02.03.01.104_CN. A stack 
buffer overflow vulnerability in /goform/setportList 
allows attackers to execute arbitrary code on the 
system via a crafted post request. 


2021-05- 
07 


CVE-2021- 
1758 
ISC 


not yet 
calculated 








tenda -- ac11_devices 


An issue was discovered on Tenda AC11 devices 
with firmware through 02.03.01.104_CN. A stack 
buffer overflow vulnerability in /goform/setVLAN 
allows attackers to execute arbitrary code on the 
system via a crafted post request. 


2021-05- 
07 


CVE-2021- 
1757 
ISC 


not yet 
calculated 





tenda -- ac11_devices 


tenda -- ac11_devices 


themegrill-demo-importer - 


- themegrill-demo-importer 


themegrill-demo-importer - 
- themegrill-demo-importer 








An issue was discovered on Tenda AC11 devices 
with firmware through 02.03.01.104_CN. A stack 
buffer overflow vulnerability in /goform/setmac 
allows attackers to execute arbitrary code on the 
system via a crafted post request. 


An issue was discovered on Tenda AC11 devices 
with firmware through 02.03.01.104_CN. A stack 
buffer overflow vulnerability in 
/gofrom/setwanType allows attackers to execute 
arbitrary code on the system via a crafted post 
request. This occurs when input vector controlled 
by malicious attack get copied to the stack 
variable. 





themegrill-demo-importer before 1.6.2 does not 
require authentication for wiping the database, 
because of a reset_wizard_actions hook. 


themegrill-demo-importer before 1.6.3 allows 
CSRF, as demonstrated by wiping the database. 


trend_micro -- 
home_network_security 


Trend Micro Home Network Security 6.5.599 and 
earlier is vulnerable to a file-parsing vulnerability 
which could allow an attacker to exploit the 
vulnerability and cause a denial-of-service to the 
device. This vulnerability is similar, but not 
identical to CVE-2021-31518. 


2021-05-05 


not yet calculated 


trend_micro -- 
home_network_security 


Trend Micro Home Network Security 6.5.599 and 
earlier is vulnerable to a file-parsing vulnerability 
which could allow an attacker to exploit the 
vulnerability and cause a denial-of-service to the 
device. This vulnerability is similar, but not 
identical to CVE-2021-31517. 


2021-05-05 


not yet calculated 


CVE-2021-31518 





vaadin -- vaadin 





Insecure temporary directory usage in frontend 
build functionality of com.vaadin:flow-server 
versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 
through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 
prior to 19), and 6.0.0 through 6.0.5 (Vaadin 
19.0.0 through 19.0.4) allows local users to inject 
malicious code into frontend resources during 
application rebuilds. 


2021-05- 
05 





vaadin -- vaadin 


veritystream -- 
msow_solutions 


vmware -- 
vrealize_business 


windscribe -- windscribe 


wordpress -- wordpress 








Unsafe validation RegEx in EmailValidator 
component in com.vaadin:vaadin-compatibility- 
server versions 8.0.0 through 8.12.4 (Vaadin 
versions 8.0.0 through 8.12.4) allows attackers to 
cause uncontrolled resource consumption by 
submitting malicious email addresses. 


Primary Source Verification in VerityStream 
MSOW Solutions before 3.1.1 allows an 
anonymous internet user to discover Social 
Security Number (SSN) values via a brute-force 
attack on a (sometimes hidden) search field, 
because the last four SSN digits are part of the 
supported combination of search selectors. This 
discloses doctors' and nurses’ social security 
numbers and PII.


VMware vRealize Business for Cloud 7.x prior to 
7.6.0 contains a remote code execution 
vulnerability due to an unauthorised end point. A 
malicious actor with network access may exploit 
this issue causing unauthorised remote code 
execution on vRealize Business for Cloud Virtual 
Appliance. 


All versions of Windscribe VPN for Mac and 
Windows <= v2.02.10 contain a local privilege 
escalation vulnerability in the WindscribeService 
component. A low privilege user could leverage 
several openvpn options to execute code as 
root/SYSTEM. 


The College publisher Import WordPress plugin 
through 0.1 does not check for the uploaded CSV 
file to import, allowing high privilege users to 
upload arbitrary files, such as PHP, leading to 
RCE. Due to the lack of CSRF check, the issue 
could also be exploited via a CSRF attack. 
wordpress -- wordpress


The “HT Mega — Absolute Addons for
Elementor Page Builder” WordPress
Plugin before 1.5.7 has several widgets that are 
vulnerable to stored Cross-Site Scripting (XSS) by 
lower-privileged users such as contributors, all via 
a similar method. 


2021-05- 
05 








wordpress -- wordpress 


The “Elementor Addon
Elements” WordPress Plugin before
1.11.2 has several widgets that are vulnerable to 
stored Cross-Site Scripting (XSS) by lower- 
privileged users such as contributors, all via a 
similar method. 


2021-05- 
05 





wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


In the eCommerce module of the NextGEN 
Gallery Pro WordPress plugin before 3.1.11, there 
is an action to call get_cart_items via
photocrati_ajax, after that the
settings[shipping_address][name] is able to inject
malicious javascript.


The “Ultimate Addons for
Elementor” WordPress Plugin before
1.30.0 has several widgets that are vulnerable to 
stored Cross-Site Scripting (XSS) by lower- 
privileged users such as contributors, all via a 
similar method. 


The “Rife Elementor Extensions &
Templates” WordPress Plugin before
1.1.6 has a widget that is vulnerable to stored
Cross-Site Scripting (XSS) by lower-privileged
users such as contributors, all via a similar 
method. 


The “Image Hover Effects — Elementor
Addon” WordPress Plugin before 1.3.4
has a widget that is vulnerable to stored Cross- 
Site Scripting (XSS) by lower-privileged users 
such as contributors, all via a similar method. 


The “Premium Addons for
Elementor” WordPress Plugin before
4.2.8 has several widgets that are vulnerable to 
stored Cross-Site Scripting (XSS) by lower- 
privileged users such as contributors, all via a 
similar method. 





2021-05- 
05 


2021-05- 
05 


2021-05- 
05 


2021-05- 
05 


2021-05- 
05 





wordpress -- wordpress 


The “Clever Addons for
Elementor” WordPress Plugin before
2.1.0 has several widgets that are vulnerable to 
stored Cross-Site Scripting (XSS) by lower- 
privileged users such as contributors, all via a 
similar method. 


2021-05- 
05 








wordpress -- wordpress 








The Classyfrieds WordPress plugin through 3.8 
does not properly check the uploaded file when an 
authenticated user adds a listing, only checking 
the content-type in the request. This allows any 
authenticated user to upload arbitrary PHP files 
via the Add Listing feature of the plugin, leading to 
RCE. 








2021-05- 
06 
wordpress -- wordpress


The Event Banner WordPress plugin through 1.3 
does not verify the uploaded image file, allowing 
admin accounts to upload arbitrary files, such as 
.exe, .php, or others executable, leading to RCE. 
Due to the lack of CSRF check, the issue can also 
be used via such vector to achieve the same 
result, or via an LFI as authorisation checks are
missing (but would require WP to be loaded) 





2021-05- 
06 








wordpress -- wordpress 


The Business Directory Plugin 
– Easy Listing
Directories for WordPress WordPress plugin 
before 5.11.1 did not properly check for imported 
files, forbidding certain extension via a blacklist 
approach, allowing administrator to import an 
archive with a .php4 inside for example, leading to 
RCE 


2021-05- 
06 


CVE-2021- 4248
not yet calculated
CONFIRM








wordpress -- wordpress 


An AJAX action registered by the WPBakery Page 
Builder (Visual Composer) Clipboard WordPress 
plugin before 4.5.8 did not have capability checks, 
allowing low privilege users, such as subscribers, 
to update the license options (key, email). 


2021-05- 
06 





wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 











The Workscout Core WordPress plugin before 
1.3.4, used by the WorkScout Theme did not 
sanitise the chat messages sent via the 
workscout_send_message_chat AJAX action, 
leading to Stored Cross-Site Scripting and Cross- 
Frame Scripting issues 


The Essential Addons for Elementor Lite 
WordPress Plugin before 4.5.4 has two widgets 
that are vulnerable to stored Cross-Site Scripting 
(XSS) by lower-privileged users such as 
contributors, both via a similar method. 


The OpenID Connect Generic Client WordPress 
plugin 3.8.0 and 3.8.1 did not sanitise the login 
error when output back in the login form, leading 
to a reflected Cross-Site Scripting issue. This 
issue does not require authentication and can be 
exploited with the default configuration. 


The Contact Form Check Tester WordPress 
plugin through 1.0.2 settings are visible to all 
registered users in the dashboard and are lacking 
any sanitisation. As a result, any registered user, 
such as subscriber, can leave an XSS payload in 
the plugin settings, which will be triggered by any 
user visiting them, and could allow for privilege 
escalation. The vendor decided to close the 
plugin. 

An AJAX action registered by the WPBakery Page 
Builder (Visual Composer) Clipboard WordPress 
plugin before 4.5.6 did not have capability checks 
nor sanitization, allowing low privilege users 
(subscriber+) to call it and set XSS payloads, 
which will be triggered in all backend pages. 
wordpress -- wordpress


The Imagements WordPress plugin through 1.2.5 
allows images to be uploaded in comments, 
however only checks for the Content-Type in the 
request to forbid dangerous files. This allows 
unauthenticated attackers to upload arbitrary files 
by using a valid image Content-Type along with a 
PHP filename and code, leading to RCE. 





2021-05- 
06 








wordpress -- wordpress 


The Business Directory Plugin 
– Easy Listing
Directories for WordPress WordPress plugin 
before 5.11.2 suffered from a Cross-Site Request 
Forgery issue, allowing an attacker to make a 
logged in administrator update arbitrary payment 
history, such as change their status (from pending 
to completed, for example).


2021-05- 
06 


CVE-2021- 
4251 
CONFIRM 


not yet calculated








wordpress -- wordpress 


The Business Directory Plugin 
– Easy Listing
Directories for WordPress WordPress plugin 
before 5.11 suffered from a Cross-Site Request 
Forgery issue, allowing an attacker to make a 
logged in administrator import files. As the plugin 
also did not validate uploaded files, it could lead to 
RCE. 


2021-05- 
06 


CVE-2021- 
not yet calculated





wordpress -- wordpress 





The Business Directory Plugin 
– Easy Listing
Directories for WordPress WordPress plugin 
before 5.11.1 suffered from Cross-Site Request 
Forgery issues, allowing an attacker to make a 
logged in administrator add, edit or delete form 
fields, which could also lead to Stored Cross-Site 
Scripting issues. 


2021-05- 
06 





wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 








The Business Directory Plugin 
– Easy Listing
Directories for WordPress WordPress plugin 
before 5.11.2 suffered from lack of sanitisation in 
the label of the Form Fields, leading to 
Authenticated Stored Cross-Site Scripting issues 
across various pages of the plugin. 


The Contact Form by Supsystic WordPress plugin 
before 1.7.15 did not sanitise the tab parameter of 
its options page before outputting it in an attribute, 
leading to a reflected Cross-Site Scripting issue 


EWWW Image Optimizer before 2.8.5 allows 
remote command execution because it relies on a 
protection mechanism involving boolval, which is 
unavailable before PHP 5.5. 


The Business Directory Plugin
– Easy Listing
Directories for WordPress WordPress plugin
before 5.11.2 suffered from a Cross-Site Request
Forgery issue, allowing an attacker to make a
logged in administrator export files, which could
then be downloaded by the attacker to get access
to PII, such as email, home addresses etc
wordpress -- wordpress


The fitness calculators WordPress plugin before 
1.9.6 adds calculators for Water intake, BMI
calculator, protein Intake, and Body Fat and was 
lacking CSRF check, allowing attackers to make 
logged in users perform unwanted actions, such 
as change the calculator headers. Due to the lack 
of sanitisation, this could also lead to a Stored 
Cross-Site Scripting issue 





2021-05- 
05 








wordpress -- wordpress 


The Stop Spammers WordPress plugin before 
2021.9 did not escape user input when blocking 
requests (such as matching a spam word), 
outputting it in an attribute after sanitising it to 
remove HTML tags, which is not sufficient and 
led to a reflected Cross-Site Scripting issue.


2021-05- 
wordpress -- wordpress


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


The Popup by Supsystic WordPress plugin before 
1.10.5 did not sanitise the tab parameter of its 
options page before outputting it in an attribute, 
leading to a reflected Cross-Site Scripting issue 





The Ultimate Maps by Supsystic WordPress 
plugin before 1.2.5 did not sanitise the tab 
parameter of its options page before outputting it 
in an attribute, leading to a reflected Cross-Site 
Scripting issue 

The “Elementor — Header, Footer &
Blocks Template” WordPress Plugin
before 1.5.8 has two widgets that are vulnerable 
to stored Cross-Site Scripting (XSS) by lower- 
privileged users such as contributors, all via a 
similar method. 


The “Sina Extension for
Elementor” WordPress Plugin before
3.3.12 has several widgets that are vulnerable to 
stored Cross-Site Scripting (XSS) by lower- 
privileged users such as contributors, all via a 
similar method. 


The “All-in-One Addons for Elementor —
WidgetKit” WordPress Plugin before
2.3.10 has several widgets that are vulnerable to 
stored Cross-Site Scripting (XSS) by lower- 
privileged users such as contributors, all via a 
similar method. 
05


2021-05- 
05 


2021-05- 
05 


2021-05- 
05 


2021-05- 
05 





wordpress -- wordpress 


The “DeTheme Kit for
Elementor” WordPress Plugin before
1.5.5.5 has a widget that is vulnerable to stored 
Cross-Site Scripting (XSS) by lower-privileged 
users such as contributors, all via a similar 
method. 


2021-05- 
05 








wordpress -- wordpress 





The “Elementor Addons — PowerPack
Addons for Elementor” WordPress
Plugin before 2.3.2 for WordPress has several
widgets that are vulnerable to stored Cross-Site
Scripting (XSS) by lower-privileged users such as
contributors, all via a similar method.
The “WooLentor — WooCommerce
Elementor Addons + Builder” WordPress
Plugin before 1.8.6 has a widget that is vulnerable
to stored Cross-Site Scripting (XSS) by lower-privileged
users such as contributors, all via a
similar method.

2021-05-05


The “Livemesh Addons for
Elementor” WordPress Plugin before 6.8
has several widgets that are vulnerable to stored
Cross-Site Scripting (XSS) by lower-privileged
users such as contributors, all via a similar
method.

2021-05-05


The “The Plus Addons for Elementor
Page Builder Lite” WordPress Plugin
before 2.0.6 has four widgets that are vulnerable
to stored Cross-Site Scripting (XSS) by lower-privileged
users such as contributors, all via a
similar method.

2021-05-05


The Elements Kit Lite and Elements Kit Pro 
WordPress Plugins before 2.2.0 have a number of 
widgets that are vulnerable to stored Cross-Site 
Scripting (XSS) by lower-privileged users such as 
contributors, all via a similar method. 





wordpress -- wordpress 








wordpress -- wordpress 





wordpress -- wordpress 